Free database firewall protects PostgreSQL and MySQL
Version 1.2 of GreenSQL is now able to protect PostgreSQL as well as MySQL. GreenSQL is designed to protect databases against SQL injection attacks and other unauthorised changes, in a similar fashion to a firewall protecting a network against TCP/IP outside attacks. The new version also provides a graphical user interface for monitoring the database firewall.
GreenSQL is run as a proxy between applications and database servers. It actively analyses the incoming SQL commands and can then act on the results according to the selected mode. Simulation mode blocks nothing but records the analysis in GreenSQL's own database and notifies the administrator of suspicious queries. Blocking mode on the other hand uses the database and it's heuristic engine to find and block suspicious queries.
A learning mode allows fine tuning of the engine and an active protection mode allow administrators to automatically block SQL queries that the database firewall hasn't seen before. The database firewall detects the risk of a query by analysing it's access to sensitive tables, presence of comments, empty passwords and 'or' tokens in the query or expressions that always return true (such as 1=1). It is also sensitive to administrative commands, commands that change the structure of the database or ones that access system files. A whitelist allows these "illegal" queries to be processed.
GreenSQL is available as binaries to download for CentOS 5.4, Debian 5.0, Fedora 12, Ubuntu 8.10 and 9.04, and as GPL2 licensed source code.