If you are not part of the 36 percent(1) of respondents who have taken steps to ensure your applications are not subject to SQL injection attacks, it would be worth your time to look at the Oracle Database Firewall and the GreenSQL Database Firewall.
Those that missed the Defend MySQL Database with Oracle Database Firewall On-Demand Webcast can now watch it on-demand. The Oracle Database Firewall establishes a defensive perimeter around databases, while monitoring and enforcing normal application behavior in real-time to help prevent SQL injection attacks as well as unauthorized attempts to access sensitive information. It protects MySQL databases against data breaches without requiring any changes to existing applications, the database infrastructure or the existing operating system of the target database. This is a very quick but comprehensive webcast.
This morning I talked with David Maman, the CTO of GreenSQL. They also have a database firewall product (MySQL, MSSQL, PostgreSQL, and soon Oracle). It also is a proxy service between the application and the database server. This product started life as an Open Source product but was reborn as its own entity with all new code and some neat features.
One clever feature is the ability to mask columns in a database from a user or group of users, so that a DBA or programmer could not see credit card type data, for PCI compliance. So the unauthorized see a bogus number in the column while the authorized can see the real data. GreenSQL is written in C++/assembler and runs on Windows and/or Linux. It can also cache data and provide failover to a backup server.
Both are flexible and offer policy-based rules to guard your data. Both can learn what your data is supposed to look like, and both can reject bad queries. And both can aid in audits of who is accessing which data. But you will have to decide which is better for your environment.
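To make the three capabilities above concrete (learning normal query shapes, rejecting statements that do not match them, and masking a sensitive column per role, with an audit trail of each decision), here is an added toy policy engine. It is illustration code written for this post, not GreenSQL's or Oracle's implementation; the literal-replacement normalization, the "last four digits" masking rule, and all sample queries and rows are constructed assumptions.

```python
"""Toy database-firewall policy engine (added illustration, not product code).

Design assumption: an application emits a small, fixed set of statement
"shapes" (statement text with literals replaced by '?'). A proxy can learn
those shapes from normal traffic, then block anything whose shape is new.
"""
import re
from dataclasses import dataclass, field

_STRING = re.compile(r"'(?:[^']|'')*'")   # single-quoted literal, '' escapes a quote
_NUMBER = re.compile(r"\b\d+(?:\.\d+)?\b")  # bare numeric literal
_WS = re.compile(r"\s+")


def normalize(sql: str) -> str:
    """Reduce a statement to its shape: literals become '?', whitespace collapses.

    Two statements that differ only in bound values share a shape; an appended
    clause or tautology changes the shape and so stands out as unlearned."""
    s = _STRING.sub("?", sql)      # strings first, so digits inside them vanish too
    s = _NUMBER.sub("?", s)
    return _WS.sub(" ", s).strip().lower()


def _bogus(value: str) -> str:
    """Mask every digit except the last four, keeping separators (assumed rule)."""
    digit_positions = [i for i, ch in enumerate(value) if ch.isdigit()]
    keep = set(digit_positions[-4:]) if len(digit_positions) > 4 else set()
    return "".join("*" if (ch.isdigit() and i not in keep) else ch
                   for i, ch in enumerate(value))


@dataclass
class DatabaseFirewall:
    learning: bool = True                                    # learn mode vs enforce mode
    allowed_shapes: set = field(default_factory=set)         # learned statement shapes
    masked_columns: dict = field(default_factory=dict)       # column -> roles allowed to see it
    audit_log: list = field(default_factory=list)            # one record per decision

    def check(self, user: str, sql: str) -> bool:
        """Return True if the statement may pass to the database server."""
        shape = normalize(sql)
        if self.learning:
            self.allowed_shapes.add(shape)
            decision = "learned"
        elif shape in self.allowed_shapes:
            decision = "allow"
        else:
            decision = "block"
        self.audit_log.append({"user": user, "decision": decision, "shape": shape})
        return decision != "block"

    def mask_row(self, role: str, row: dict) -> dict:
        """Return a copy of a result row with protected columns masked for this role."""
        out = {}
        for col, val in row.items():
            allowed_roles = self.masked_columns.get(col)
            if allowed_roles is not None and role not in allowed_roles:
                out[col] = _bogus(str(val))
            else:
                out[col] = val
        return out


def demo() -> dict:
    """Constructed walk-through: learn, enforce, mask, audit."""
    fw = DatabaseFirewall()
    fw.masked_columns["card_number"] = {"billing"}   # only the billing role sees real card numbers

    # Learning phase on constructed sample traffic from the application account.
    fw.check("app", "SELECT name, card_number FROM customers WHERE id = 42")
    fw.check("app", "SELECT name, card_number FROM customers WHERE id = 17")
    fw.learning = False

    # Enforcement: a new id keeps the learned shape; an appended tautology does not.
    normal_ok = fw.check("app", "SELECT name, card_number FROM customers WHERE id = 99")
    injected_ok = fw.check("app", "SELECT name, card_number FROM customers WHERE id = 99 OR 1=1")

    row = {"name": "Alice", "card_number": "4111-1111-1111-1234"}  # constructed row
    return {
        "normal_allowed": normal_ok,
        "injected_allowed": injected_ok,
        "dba_view": fw.mask_row("dba", row),
        "billing_view": fw.mask_row("billing", row),
        "learned_shapes": len(fw.allowed_shapes),
        "audit_entries": len(fw.audit_log),
    }


if __name__ == "__main__":
    for key, val in demo().items():
        print(f"{key}: {val}")
```

The audit log records the shape rather than the raw statement, so a reviewer can see who ran which kind of query without the log itself leaking the literal values; a real product would also need to cope with prepared statements, comments, and dialect-specific quoting that this normalizer ignores.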
(1) “Databases Are More at Risk Than Ever: 2011 IOUG Data Security Survey,” October 2011