GreenSQL Application Firewall for SQL databases (MySQL)

November 25, 2011 / Web Hosting

Having already had to deal with SQL injection, I find it very disturbing. GreenSQL is a free, GPL-licensed solution to protect your MySQL databases from attacks such as “SQL Injection”, “Cross-Site Scripting” and “Cross-Site Request Forgery”.

GreenSQL works as a proxy for SQL queries to MySQL databases. Note that, according to the roadmap, it is also expected to work with PostgreSQL. There is also a post on this subject, titled: GreenSQL for PostgreSQL

Its operation is based on an evaluation of SQL commands using a risk-scoring matrix (it reminds me of SpamAssassin) and on the blocking of administrative commands (DROP, CREATE, etc.).

GreenSQL operates as a reverse proxy, i.e., the SQL query is sent to GreenSQL, which analyzes it and then passes it on to MySQL if it is accepted.

GreenSQL listens on port 3305 and redirects requests to port 3306, the standard MySQL port.

GreenSQL can operate in different modes:

  1. Simulation (database IDS) – only detects, without blocking anything
  2. Protection (database IPS) – detects and blocks queries
  3. Learning Mode
  4. Protection against non-listed queries

In Simulation mode, GreenSQL logs SQL queries, checks them against the risk-scoring matrix, and reports suspicious requests through the administration console so that administrators can analyze them.

In Protection mode, if a query is considered illegal by the algorithmic engine, a whitelist is consulted. If the query appears in the whitelist, it is sent to the MySQL engine. Otherwise, the query being deemed illegal, GreenSQL returns an empty result set to the application on the web server. Of course, with this method it is possible to have false-positive and false-negative errors …

The learning mode exists precisely to correct this problem by learning the types of possible queries. GreenSQL will then switch back to protecting against those queries that are not in the learned SQL query list.

When the mode of protection against non-listed queries is enabled, applications or queries that were not included in the whitelist are automatically rejected.

GreenSQL will then calculate the risk posed by this application and assemble the information for the management console. This is the fastest mode because it only calculates the risk for new requests.
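The four modes can be summarised as a small decision function. This is an added illustration, not GreenSQL's own code: the risk weights, the threshold and the way literals are normalised into a query "shape" are assumptions made for the example, and the sample queries are constructed.

```python
import re
from enum import Enum

class Mode(Enum):
    SIMULATION = 1   # database IDS: detect and log, never block
    PROTECTION = 2   # database IPS: block risky queries not on the whitelist
    LEARNING = 3     # record every query shape in the whitelist
    UNLISTED = 4     # reject anything that is not on the whitelist

# Assumed weights and threshold; GreenSQL's real scoring matrix is not shown here.
RISK_RULES = [
    (re.compile(r"\b(drop|create)\b", re.I), 30),      # administrative command
    (re.compile(r"\bor\s+(\S+)\s*=\s*\1", re.I), 30),  # tautology such as OR 1=1
    (re.compile(r"--|#|/\*"), 20),                     # SQL comment marker
]
THRESHOLD = 30

def shape(query):
    """Replace literals with '?' so one whitelist entry covers a query shape."""
    q = re.sub(r"'(?:[^'\\]|\\.)*'", "?", query)
    q = re.sub(r"\b\d+\b", "?", q)
    return re.sub(r"\s+", " ", q).strip().lower()

def risk(query):
    return sum(weight for rule, weight in RISK_RULES if rule.search(query))

def decide(query, mode, whitelist, console):
    """Return 'forward' (pass to MySQL) or 'empty' (empty result set)."""
    s = shape(query)
    if mode is Mode.LEARNING:
        whitelist.add(s)
        return "forward"
    if mode is Mode.UNLISTED:
        if s in whitelist:
            return "forward"      # known shape: no risk calculation needed
        console.append((risk(query), query))
        return "empty"
    score = risk(query)
    if score >= THRESHOLD:
        console.append((score, query))  # reported to the admin console
        if mode is Mode.PROTECTION and s not in whitelist:
            return "empty"
    return "forward"
```

Running the same constructed query through each mode shows the trade-off: Simulation forwards it and only reports it, while Protection and the non-listed mode answer with an empty result set.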

That is basically how GreenSQL operates. I think it is a very interesting solution, although the best approach is still to anticipate the risks during development. As for the performance of the web application, it does not appear to have been affected in a performance test carried out with GreenSQL in use.

Note: GreenSQL packages are provided for the most common Linux distributions (CentOS, Debian, Fedora, Mandriva, RHEL 5, 5 SLE, openSUSE, Ubuntu).