Protects your data by inspecting incoming queries from your application server and rejecting abnormal ones.
For example, this is how a web server normally interacts with a database server:
By adding DBShield in front of the database server we can protect it against abnormal queries. To detect abnormal queries we first run DBShield in learning mode. Learning mode lets every query pass but records information about it (pattern, username, time and source) in the internal database.
After collecting enough patterns we can run DBShield in protect mode. Protect mode can distinguish an abnormal query pattern, user or source and take action based on the configuration.
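To make the learning/protect split concrete, here is an added, constructed example in Go (not DBShield's own code): it reduces each query to a pattern, records (user, source, pattern) triples while learning, and in protect mode passes only triples it has already seen. The pattern function is a simplified literal-stripping stand-in; DBShield's real pattern extraction is assumed to be more elaborate.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Simplified, constructed pattern extraction (not DBShield's tokeniser-based one):
// literals become "?", whitespace is collapsed and case is folded, so queries that
// differ only in their values map to the same pattern.
var (
	strLit = regexp.MustCompile(`'(?:[^']|'')*'`)
	numLit = regexp.MustCompile(`\b\d+(?:\.\d+)?\b`)
	spaces = regexp.MustCompile(`\s+`)
)

func Pattern(query string) string {
	q := strLit.ReplaceAllString(query, "?")
	q = numLit.ReplaceAllString(q, "?")
	q = spaces.ReplaceAllString(strings.TrimSpace(q), " ")
	return strings.ToUpper(q)
}

// Shield stores learned (user, source, pattern) triples; protect mode passes only those.
type Shield struct {
	Learning bool
	known    map[string]bool
}

func NewShield(learning bool) *Shield {
	return &Shield{Learning: learning, known: map[string]bool{}}
}

// Inspect reports whether the query may be forwarded to the backend.
func (s *Shield) Inspect(user, source, query string) bool {
	k := user + "|" + source + "|" + Pattern(query)
	if s.Learning {
		s.known[k] = true // learning mode: record the triple and let it pass
		return true
	}
	return s.known[k] // protect mode: unknown pattern, user or source is dropped
}

func main() {
	s := NewShield(true)
	s.Inspect("postgres", "10.0.0.20", "SELECT * FROM stocks where id=1") // learn
	s.Learning = false
	fmt.Println(s.Inspect("postgres", "10.0.0.20", "SELECT * FROM stocks where id=42"))          // true
	fmt.Println(s.Inspect("postgres", "10.0.0.20", "SELECT * FROM stocks where id=-1 or 1=1")) // false
}
```

The tautology from the log above has a different shape ("... ID=-? OR ?=?") from the learned "... ID=?", so it is rejected even though user and source match.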
For the demo, we use sqlmap (an automatic SQL injection and database takeover tool) to exploit the SQL injection vulnerability in user.php.
In the first scenario, sqlmap successfully exploits the SQL injection because the web application connects directly to the database (MySQL). In the second scenario, we modify user.php
so that DBShield sits between the web application and the database; it drops the injection attempt and makes sqlmap fail.
CLI
$ go run main.go
2016年10月15日 16:25:31 [INFO] Config file: /etc/dbshield.yml
2016年10月15日 16:25:31 [INFO] Internal DB: /tmp/model/10.0.0.21_postgres.db
2016年10月15日 16:25:31 [INFO] Listening: 0.0.0.0:5000
2016年10月15日 16:25:31 [INFO] Backend: postgres (10.0.0.21:5432)
2016年10月15日 16:25:31 [INFO] Protect: true
2016年10月15日 16:25:31 [INFO] Web interface on https://127.0.0.1:8070/
2016年10月15日 16:25:33 [INFO] Connected from: 10.0.0.20:35910
2016年10月15日 16:25:33 [INFO] Connected to: 10.0.0.21:5432
2016年10月15日 16:25:33 [INFO] SSL connection
2016年10月15日 16:25:34 [DEBUG] Client handshake done
2016年10月15日 16:25:34 [DEBUG] Server handshake done
2016年10月15日 16:25:34 [INFO] User: postgres
2016年10月15日 16:25:34 [INFO] Database: test
2016年10月15日 16:25:34 [INFO] Query: SELECT * FROM stocks where id=-1 or 1=1
2016年10月15日 16:25:34 [WARN] Pattern not found: [53 55 51 52 55 52 50 53 55 51 53 49 115 116 111 99 107 115 53 55 51 53 50 105 100 54 49 52 53 53 55 51 55 57 53 55 52 48 52 53 55 51 55 57 54 49 53 55 51 55 57] (SELECT * FROM stocks where id=-1 or 1=1)
2016年10月15日 16:25:34 [WARN] Dropping connection
Web Interface
Get it
$ go get -u github.com/nim4/DBShield
Then you can see the help using the "-h" argument:
$ $GOPATH/bin/DBShield -h
DBShield 1.0.0-beta3
Usage of DBShield:
-a get list of abnormal queries
-c file
config file (default "/etc/dbshield.yml")
-h show help
-k show parsed config and exit
-l get list of captured patterns
-version
show version
Then run it with your configuration, like:
$ $GOPATH/bin/DBShield -c config.yml
⚠️ WARNING: Do NOT use default certificates in production environments!
Database | Protect | SSL |
---|---|---|
DB2 | Yes | No |
MariaDB | Yes | Yes |
MySQL | Yes | Yes |
Oracle | Yes | No |
Postgres | Yes | Yes |
(Sorted by priority)
- Improve documentation
- Add Microsoft SQL Server
- Add more command-line arguments
- Get 90% test coverage
- Support Oracle SSL