

SQL injection is a web security vulnerability that allows a cybercriminal to get access to a database through a web application linked to this database. The attacker interferes with the queries from this web application directed at the database. As a result, the attacker can view and retrieve data that is normally hidden. In most cases, a hacker is able to modify or delete the data, which leads to data exposure and loss, or makes persistent changes to the application’s content or behavior.

One of the ways to protect your databases against SQL injections is to use the Database Security module included in DataSunrise Database Security Suite. This security tool works based on a set of security rules that are highly versatile and customizable.

In order to set up a security rule with DataSunrise you need to do the following: After that select the database type and instance. In the Comment section you can add any comments on the current rule.

In the Action subsection you can specify to log all events in storage, a blocking method, schedule and subscriber. For more detailed information please refer to the DataSunrise User Guide and DataSunrise Administrator Guide. If you want DataSunrise to ignore a specific query, check the Allow action.

In the Filter Sessions you can specify for which user or group of users you’re setting the security rule. In the picture we’ve specified the postgres user of the Postgres database.

As we’re talking today about how DataSunrise can protect you against SQL injections, the Filter Statements subsection has a specific section for that. In the picture below you can see the parameters you can set to protect your databases against SQL injections.

Protection against SQL queries is based on a system of penalty points. Every query to the database is evaluated and penalty points are awarded. For example, if a query contains an OR expression, it’s awarded 10 points. The penalty points can be adjusted to meet specific customer needs.
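To make the penalty-point idea concrete, here is an added sketch of a query scorer; it is not DataSunrise code and does not reproduce the product's actual checks. Only the 10 points for an OR expression comes from the text above; the other signals, their weights, the blocking threshold of 30 and the sample queries are assumptions made for illustration.

```python
import re

# Only the 10 points for an OR expression comes from the article; every other
# signal, weight and the blocking threshold below is a constructed assumption.
DEFAULT_PENALTIES = {"or_expression": 10, "union_select": 20, "comment": 15,
                     "tautology": 25, "stacked_query": 20}

SIGNALS = {
    "or_expression": re.compile(r"\bOR\b", re.I),
    "union_select": re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b", re.I),
    "comment": re.compile(r"--|/\*"),
    # Comparisons that are always true, e.g. 1=1 or 'a'='a'.
    "tautology": re.compile(r"\b(\d+)\s*=\s*\1\b|'([^']*)'\s*=\s*'\2'"),
    "stacked_query": re.compile(r";\s*\S"),
}

STRING_LITERAL = re.compile(r"'(?:[^']|'')*'")


def score_query(sql, penalties=DEFAULT_PENALTIES):
    """Return (total penalty points, names of the signals that fired)."""
    # Blank string literals so keywords inside data values do not score;
    # the tautology check still needs the literals, so it sees the raw text.
    stripped = STRING_LITERAL.sub("''", sql)
    hits = [name for name, pattern in SIGNALS.items()
            if pattern.search(sql if name == "tautology" else stripped)]
    return sum(penalties[name] for name in hits), hits


def evaluate(sql, threshold=30, penalties=DEFAULT_PENALTIES):
    """Score one query and decide whether it reaches the blocking threshold."""
    points, hits = score_query(sql, penalties)
    return {"points": points, "signals": hits, "blocked": points >= threshold}


# Constructed sample queries, not taken from any real log.
SAMPLES = [
    "SELECT id, name FROM users WHERE id = 42",
    "SELECT * FROM orders WHERE status = 'new' OR status = 'paid'",
    "SELECT * FROM notes WHERE body = 'salt or pepper'",
    "SELECT * FROM users WHERE name = 'x' OR '1'='1'",
    "SELECT name FROM products WHERE id = 1 UNION SELECT password FROM users --",
]

if __name__ == "__main__":
    for query in SAMPLES:
        print(evaluate(query), query)
```

A legitimate OR filter scores 10 and passes, while the same OR combined with an always-true comparison crosses the threshold; raising the OR weight or lowering the threshold shows how adjusting the points trades false positives against missed queries.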
