sql_firewall SQL Firewall Extension for PostgreSQL

Overview

sql_firewall is a PostgreSQL extension which is intended to protect

database from SQL injections or unexpected queries.

 

sql_firewall module learns queries which can be executed, and

prevents/warns on executing queries which are not found in the learned

firewall rule.

 

How to get this tool

To use this tool, please use a method listed below.

In a Linux (Debian OS), run the following command(s).

Installation

------------

 

sql_firewall can be built as a PostgreSQL extension.

 

export PATH=$PGHOME/bin:$PATH

export USE_PGXS=1

make

sudo make install

 

Download directly from the following link:

 

How to execute

sql_firewall can take one of four modes specified in sql_firewall.firewall parameter: "learning", "enforcing", "permissive" and "disabled".

 

In the "learning" mode, sql_firewall collects pairs of "userid" and "queryid" associated with the executed queries. "queryid" is calculated based on a parse tree, similar to pg_stat_statements.

 

In the "enforcing" mode, sql_firewall checks whether queries are in the list of collected pairs of "userid" and "queryid", the firewall rules. When a query not in the firewall rules comes in, sql_firewall produces an error with the message to prevent execution.

 

In the "permissive" mode, sql_firewall checks queries as well, but allows to execute even not in the firewall rules. And produces warnings if the queries are not in the rules.

 

References:

 

-----

Next steps:

 

This article was contributed by Racquel Bailey from Jamaica. Racquel is a member of the Caribbean CSPA.

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Article is closed for comments.