HomeBlogsyuli's blog

New production quality version is comming

Posted August 6th, 2008 by yuli

Hello my friends,

I am working on this project quite a lot of time. I must admit that we have made a great job making stable version of GreenSQL. Still an existing version lacks a number of features that prevents us from running it in full production mode.

It happens because skillful attacker can outsmart our risk calculation matrix. GreenSQL database firewall can not block all SQL injections when an attacker knows internal database structure. Our system must still provide full level of protection in order to block such smart attacks. We plan to add support for learning period and make sure that during this period we will learn all queries. After learning period is over (which can be configured automatically or manually), all new queries will be blocked. All these new queries will be considered as hazardous. We will use risk calculation matrix to help the administrator to analyze these new queries.

I would like to use this possibility and share with you my plans for the next GreenSQL version. In exchange, I would like to know what features are most important for you and what things you think must be done till then.

Next version will have the following features:

  • Block of all new queries that do not appear in a white-list + print associated risk for these queries.
  • Block queries based on the risk calculation + validation in whitelist ( this is how GreenSQL works now).
  • Disable blocking, just report suspicious queries.
  • Fix all risk calculation bugs reported so far (sub-select issue, bruteforce issue, delete/update issues, true constants issues).
  • More pre-build packages for your favorite Linux distro.

In order to block of all new queries that do not appear in a white-list we will have to add support for learning mode. It will work as followed:

  • Enable learning mode for new databases.
  • Automatically approve all queries during learning period (they will be stored in the white-list).
  • After learning mode is over, ALL NEW queries will be automatically blocked.
  • Show risk associated with each new query based on our risk scoring matrix.

In order to do it, we will have to change database structure, greensql-console and greensql-fw applications.

Best regards,
Yuli

Back to top