
Blogs

OWASP Israel 2008 Conference

If you live in Israel, you have a chance to get more information about GreenSQL. Next Sunday, 14/09/2008, I am giving a presentation about GreenSQL at the OWASP Israel 2008 Conference.

At this event I am going to talk about MySQL security and how GreenSQL can help you to leverage your protection level. The new version of the GreenSQL SQL firewall will be described.

Update: here you can find the presentation.

One of the MySQL engineers requires help

I would like to make this post to reference one of the posts published on the mysql.com website. A lot of MySQL users visit our site and I think our users will be willing to help. Here are the full details:

Donations are requested to help Andrii Nikitin, a MySQL support engineer in Ukraine, provide for his son Ivan who requires a bone marrow transplant operation. The cost of this operation is expected to be between €150,000 - €250,000 ($235,000 - $400,000). Please help us provide Ivan a chance to live.

More information can be found here: http://www.mysql.com/about/help-ivan.html

GreenSQL featured on Linux.com

I have good news for all users. GreenSQL was featured on the Linux.com website!!!
Here is the direct link: http://www.linux.com/feature/145341

I have good news for the article readers. The next version will be distributed with a pre-built package for Fedora. In addition, the DELETE query will be handled appropriately. Here you can find complete details.

The next version will be released within a week or 2.

Best regards,
Yuli

New production quality version is coming

Hello my friends,

I have been working on this project for quite a long time. I must admit that we have done a great job making a stable version of GreenSQL. Still, the existing version lacks a number of features, which prevents us from running it in full production mode.

ohloh.net website

A few days ago I submitted the GreenSQL project to the ohloh.net website. This website collects an impressive amount of information about open source projects. I was very impressed by the amount of data they are able to extract from application sources.

I liked it a lot. I would like to ask those of you who have an account at the ohloh.net website to vote for our project. You can do it here: http://www.ohloh.net/projects/greensql

Thanks,
Yuli

Urgent update required - GreenSQL-FW 0.8.2

Yesterday I released a new application version. I fixed a number of critical bugs and I advise you to update. In addition, I have improved the FreeBSD package.

The following bugs were fixed:

  • C++ like comments were not handled correctly
  • Reloading of the log file.

The application crashed when C++ like comments were not closed. For example:
select * from user='abc' /*' and pass = 'pwd'
During the last weekend I traced this bug and found it to be a problem in the SQL tokenizer module. I fixed this bug in the new application version.

GreenSQL 0.8.1 package released for FreeBSD

During the last week I was working on the FreeBSD package of GreenSQL. Finally it is ready. This package creates the greensql user used to run the application and creates a number of configuration and documentation files. Finally, it creates the main application binary and a start-up script.

Take into account that this is the first release of the greensql installation package for FreeBSD. If you have any issues with this package, please ask for help in the greensql support forum.

New GreenSQL version (0.8.1)

Hi All

This time I have very good news. I have just released a new application version. Basically, this time the greensql-fw and greensql-console packages were updated. In brief, the following was implemented:

  • New risk engine mechanism. This time it is much more powerful and the db firewall is able to cope with complicated SQL queries and find SQL tautologies.
  • While installing the Debian/Ubuntu package, the configuration database will be created automatically.
  • GreenSQL-Console is now much more user friendly.
  • A bunch of bugs were fixed.

Website is online again

The website was offline for more than 2 months. During this time, I continued working on the application engine, improving the SQL risk engine.

The website was offline because of a hardware failure. Now, after spending more than 2 months trying to recover my data from the hosting company, I decided to start from scratch. I spent almost 2 weeks recovering almost everything. I had to rebuild the SQL Injection test page. Forum backups are not available, so you will have to start talking a lot ;)

This week I plan to finish the GreenSQL howto document.

New MySQL Patterns

During this weekend I found an excellent article on the Internet. It explains in detail how one can perform blind SQL injection against MySQL. For interested parties you can find it here:

While reading it I found a number of SQL operations that a skillful hacker can use in order to exploit an SQL injection vulnerability. He can use the following commands:

  • current_user(), system_user(), session_user()
  • version()
  • database()
  • into outfile
  • load file
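
An added example, not part of the original posts and not GreenSQL's own code: a small comment-aware scanner in Python that reports an unclosed /* comment (the 0.8.2 crash case above) as a finding instead of failing, and flags the operations listed here. The function names are hypothetical, "load file" is assumed to mean MySQL's LOAD_FILE(), and the sample queries are constructed.

```python
import re

# Operations named in the post; load_file is assumed to mean MySQL's LOAD_FILE().
SENSITIVE = {
    "user_function": re.compile(r"\b(?:current|system|session)_user\s*\(", re.I),
    "version": re.compile(r"\bversion\s*\(", re.I),
    "database": re.compile(r"\bdatabase\s*\(", re.I),
    "into_outfile": re.compile(r"\binto\s+outfile\b", re.I),
    "load_file": re.compile(r"\bload_file\s*\(", re.I),
}

def strip_literals_and_comments(sql):
    """Blank out string literals and /* */ comments; report anything left unclosed."""
    out, i, n = [], 0, len(sql)
    while i < n:
        # MySQL executes the body of /*! ... */, so that form is kept as code.
        if sql.startswith("/*", i) and not sql.startswith("/*!", i):
            end = sql.find("*/", i + 2)
            if end == -1:                      # unclosed comment: stop cleanly
                return "".join(out), "comment"
            out.append(" ")
            i = end + 2
        elif sql[i] in "'\"":
            j = i + 1
            while j < n and sql[j] != sql[i]:  # skip backslash-escaped characters
                j += 2 if sql[j] == "\\" else 1
            if j >= n:                         # unclosed string literal
                return "".join(out), "string"
            out.append("''")
            i = j + 1
        else:
            out.append(sql[i])
            i += 1
    return "".join(out), None

def inspect(sql):
    code, unclosed = strip_literals_and_comments(sql)
    findings = [name for name, rx in SENSITIVE.items() if rx.search(code)]
    return findings + (["unterminated_" + unclosed] if unclosed else [])

# Constructed sample queries; the first is the crash case quoted in the post.
SAMPLES = [
    "select * from user='abc' /*' and pass = 'pwd'",
    "SELECT id FROM t WHERE id = 1 UNION SELECT version(), database()",
    "SELECT 'run version() to check' FROM faq /* note */",
]

if __name__ == "__main__":
    print([inspect(q) for q in SAMPLES])
```

An unclosed comment or string is returned as its own finding so the caller can block or log the query rather than guess at its meaning.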