sql_firewall is a PostgreSQL extension intended to protect a
database from SQL injection and unexpected queries.
The sql_firewall module learns which queries can be executed, and
prevents/warns on executing queries which are not found in the learned
How to get this tool
To use this tool, please use a method listed below.
sql_firewall can be built as a PostgreSQL extension.
On Linux (Debian), run the following commands:

    export PATH=$PGHOME/bin:$PATH
    export USE_PGXS=1
    make
    sudo make install
Download directly from the following link:
How to execute
sql_firewall runs in one of four modes, set with the sql_firewall.firewall parameter: "learning", "enforcing", "permissive" and "disabled".
In the "learning" mode, sql_firewall collects pairs of "userid" and "queryid" associated with the executed queries. "queryid" is calculated based on a parse tree, similar to pg_stat_statements.
In the "enforcing" mode, sql_firewall checks whether each query is in the list of collected pairs of "userid" and "queryid" (the firewall rules). When a query that is not in the firewall rules comes in, sql_firewall produces an error with a message and prevents execution.
In the "permissive" mode, sql_firewall checks queries in the same way, but allows them to execute even when they are not in the firewall rules, and produces a warning for each query that is not in the rules.
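The mode logic described above, modelled in Python as an added example (not the extension's code and not part of the original article). `query_id` is a simplified stand-in that hashes the statement with its literals stripped, where the real extension fingerprints the parse tree; `FirewallModel`, user ids 10 and 11, and the sample statements are constructed for illustration.

```python
import hashlib
import re

def query_id(sql):
    # Assumption: stand-in for the parse-tree fingerprint. Literals become
    # "?" so only the statement's shape is hashed, not its constant values.
    shape = re.sub(r"'(?:[^']|'')*'", "?", sql)        # string literals
    shape = re.sub(r"\b\d+(?:\.\d+)?\b", "?", shape)   # numeric literals
    shape = re.sub(r"\s+", " ", shape).strip().lower()
    return hashlib.sha256(shape.encode()).hexdigest()[:16]

class FirewallModel:
    """Hypothetical model of the four sql_firewall.firewall modes."""
    def __init__(self, mode="learning"):
        self.mode = mode    # learning, enforcing, permissive or disabled
        self.rules = set()  # learned (userid, queryid) pairs

    def check(self, userid, sql):
        """Return 'allow', 'warn' or 'error' for one statement."""
        pair = (userid, query_id(sql))
        if self.mode == "disabled":
            return "allow"
        if self.mode == "learning":
            self.rules.add(pair)  # every executed statement becomes a rule
            return "allow"
        if pair in self.rules:
            return "allow"
        return "error" if self.mode == "enforcing" else "warn"

# Constructed sample statements, not taken from the article.
LEARNED = "SELECT name FROM users WHERE id = 42"
SAME_SHAPE = "SELECT name FROM users WHERE id = 7"
INJECTED = "SELECT name FROM users WHERE id = 7 OR 1 = 1"

def demo():
    fw = FirewallModel("learning")
    fw.check(10, LEARNED)  # user 10 runs the application query once
    out = {}
    for mode in ("enforcing", "permissive"):
        fw.mode = mode
        # same user/same shape, same user/changed shape, other user/same shape
        out[mode] = (fw.check(10, SAME_SHAPE), fw.check(10, INJECTED),
                     fw.check(11, SAME_SHAPE))
    fw.mode = "disabled"
    out["disabled"] = fw.check(11, INJECTED)
    return out

if __name__ == "__main__":
    print(demo())
```

Because rules are (userid, queryid) pairs, a statement learned for one role is still rejected for another, so the learning run has to cover every role the application connects as.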
This article was contributed by Racquel Bailey from Jamaica. Racquel is a member of the Caribbean CSPA.