GreenSQL is an Open Source database firewall used to protect databases from SQL injection attacks. GreenSQL works in a proxy mode and has built in support for MySQL.
The logic is based on evaluation of SQL commands using a risk scoring matrix as well as blocking known db administrative commands (DROP, CREATE, etc). The project is distributed under the GPL license.
How it works?
The GreenSQL database firewall provides database protection using a number of methods:
Blocking administrative and sensitive SQL commands.
Calculating risk of each query and blocking queries with high risk.
Blocking specific SQL commands
GreenSQL uses a pattern matching engine to find commands that are considered "illegal". For example GreenSQL blocks database administrative commands. The GreenSQL administrator can decide which commands to block using the GreenSQL web management console. The administrator can also approve a blocked query by adding them to a whitelist.
For each query GreenSQL calculates its risk. After the risk is calculated GreenSQL can block the query or just create a warning message. There are a number of factors that are taken into account when calculating risk. For example:
Access to sensitive tables increases risk query (users, accounts, credit information)
Comments inside SQL commands increases query risk
Usage of an empty password string
Found 'or' token inside query
Found SQL expression that always return true
Comparison of constant values
How commands are blocked?
When GreenSQL determines that a query should be blocked it will generate an empty result set to send back to the front end so that the application can continue gracefully.
How Whitelist works?
Each time GreenSQL considers a SQL query as a security risk - it is blocked. You can alter this behavior for a specific query by explicitly allowing its pattern.
What's New in This Release:
· Application management is much more simpler now
· Bunch of bugs have been fixed