SQLassie - Effective Database Security

Thursday, April 30, 2015


SQLassie is a free MySQL database firewall that prevents SQL injection attacks at runtime. SQLassie uses Bayesian classifiers to determine the likelihood of a query being an attack. This approach produces fewer false positives than other similar approaches.

Security
SQLassie prevents injection attacks before they have a chance to run.

Instantaneous
Protection is instantaneous - just point your web applications at SQLassie and you're done!

Analysis
SQLassie tracks suspicious queries, classifies them based on their intent, and logs this information for further review.

Options
SQLassie can be used as a passive intrusion detection system or as an active intrusion prevention system.

Support
SQLassie is free and being constantly updated and improved. Have a problem or feature request? Let us know!

Usage

SQLassie currently only supports MySQL. To start SQLassie, you'll need to configure how SQLassie connects to the MySQL server, start SQLassie listening on a different port that is now protected, and then configure your applications to connect through this alternate port instead of directly to MySQL.
As an example, consider a scenario where you have a MySQL database engine running and listening for connections on the domain socket /var/run/mysql/mysqld.sock and are running a MediaWiki installation.

First, start SQLassie using
./sqlassie -s /var/run/mysql/mysqld.sock -l 3307
Then, edit MediaWiki's configuration file LocalSettings.php connect to port 3307.
$wgDBServer = "127.0.0.1:3307"

Note that you can't use localhost here; by default, MySQL interprets localhost as a request to use the direct database domain socket connection, and most web applications behave this way as well. Therefore, you have to use the explicit string 127.0.0.1 in order to force connections to go through the TCP port. Check your application's documentation for more information.




Subscribe via e-mail for updates!