Security Basics mailing list archives

Re: Database Firewall


From: Yuli Stremovsky <stremovsky () gmail com>
Date: Wed, 4 Mar 2009 00:31:44 +0200

Hello Jon

I cannot be impartial about the GreenSQL project because I am
actively involved in its development.

I am using the GreenSQL dev. version in a number of production sites. It
works great for me.

BTW, if you want to use it in production I advise you to grab the
sources from Subversion.
The official version will be released very shortly.


Best regards,
Yuli

---
http://www.greensql.net/


On Sat, Feb 28, 2009 at 4:16 AM, Jon Kibler <Jon.Kibler () aset com> wrote:

Hi,

In case you are not familiar with the concepts of an application
firewall, they are filters that sit between the client application and
the protected resource. For Apache, there is mod_security, which does
filtering of client supplied content for potential attacks against the
web application. Thus, mod_security fits into a class of software called
"Web Application Firewalls."

On the database side, this is a newer technology. The major open source
example of a Database Application Firewall (or, more often called just a
Database Firewall) is GreenSQL. It tries to clean up SQL to help reduce
the possibility of a successful SQL injection attack.

I have just started looking at GreenSQL as a database firewall for
MySQL. I would be interested in hearing others' experience with it. Has
anyone deployed it? If so, how well does it work? Other pros and cons?

Also, we are starting to see injection attacks against LDAP. Clearly a
database firewall is needed for LDAP. Does anyone know of an LDAP
database firewall -- commercial or open source?

THANKS!

Jon Kibler
--
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC  USA
o: 843-849-8214
c: 843-224-2494
s: 843-564-4224
http://www.linkedin.com/in/jonrkibler

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253





