SQLassie is a free MySQL database firewall that prevents SQL injection attacks at runtime. SQLassie uses Bayesian classifiers to determine the likelihood of a query being an attack. This approach produces fewer false positives than other similar approaches.
SQLassie prevents injection attacks before they have a chance to run.
Protection is instantaneous - just point your web applications at SQLassie and you're done!
SQLassie tracks suspicious queries, classifies them based on their intent, and logs this information for further review.
SQLassie can be used as a passive intrusion detection system or as an active intrusion prevention system.
SQLassie is free and being constantly updated and improved. Have a problem or feature request? Let us know!
SQLassie currently only supports MySQL. To start SQLassie, you'll need to configure how SQLassie connects to the MySQL server, start SQLassie listening on a different port that is now protected, and then configure your applications to connect through this alternate port instead of directly to MySQL.
As an example, consider a scenario where you have a MySQL database engine running and listening for connections on the domain socket /var/run/mysql/mysqld.sock and are running a MediaWiki installation.

First, start SQLassie using

./sqlassie -s /var/run/mysql/mysqld.sock -l 3307

Then, edit MediaWiki's configuration file LocalSettings.php to connect to port 3307:

$wgDBServer = "127.0.0.1:3307";

Note that you can't use localhost here; by default, MySQL interprets localhost as a request to use the direct database domain socket connection, and most web applications behave this way as well. Therefore, you have to use the explicit string 127.0.0.1 in order to force connections to go through the TCP port. Check your application's documentation for more information.
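The localhost pitfall above is easy to miss in a deployment: an application whose database host resolves to the domain socket silently bypasses SQLassie and loses all protection. The following added shell snippet (written for this page, not part of SQLassie itself) reads $wgDBServer out of a constructed LocalSettings.php sample and checks that the value forces a TCP connection to the SQLassie listen port; the file contents, the port 3307 and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Constructed sample of a MediaWiki LocalSettings.php (not from a real install).
SAMPLE_LOCALSETTINGS='<?php
$wgDBtype = "mysql";
$wgDBServer = "127.0.0.1:3307";
$wgDBname = "wikidb";
'

# Print the first $wgDBServer value found in LocalSettings.php text read from stdin.
db_server_from_settings() {
  sed -n 's/^[[:space:]]*\$wgDBServer[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
}

# Return 0 if the value routes through SQLassie: an explicit host (not
# "localhost", which MySQL clients turn into a direct domain-socket connection
# that skips the proxy) plus the port SQLassie listens on. Return 1 otherwise.
routes_via_sqlassie() {
  value=$1
  want_port=$2
  host=${value%%:*}
  port=${value#*:}
  [ "$value" = "$host" ] && return 1     # no ":port" given at all
  [ -z "$host" ] && return 1             # ":3307" with an empty host
  [ "$host" = "localhost" ] && return 1  # socket connection, bypasses SQLassie
  [ "$port" = "$want_port" ]             # must hit the SQLassie port, not MySQL's
}

# Example run on the constructed sample, assuming SQLassie was started with -l 3307.
server=$(printf '%s' "$SAMPLE_LOCALSETTINGS" | db_server_from_settings)
if routes_via_sqlassie "$server" 3307; then
  echo "$server routes through SQLassie on port 3307"
else
  echo "$server would bypass SQLassie" >&2
fi
```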