Collect logs to prevent or identify SQL injection

  • What do you do as a DBA to eliminate SQL injection? Application code cannot be changed or altered. Or, if it happens, what kind of logs do you collect every day to analyze later?

  • My recommendation in this case is probably to purchase a third-party product to watch out for SQL injection for you.

    Best,
    Kevin G. Boles
    SQL Server Consultant
    SQL MVP 2007-2012
    TheSQLGuru on googles mail service

  • Any recommendations on third-party tools? I was looking into the default trace too. How about setting up a server-side trace that logs all of the security section of Profiler and saves it to a network share?

  • studySQL (3/17/2014)

    Any recommendations on third-party tools? I was looking into the default trace too. How about setting up a server-side trace that logs all of the security section of Profiler and saves it to a network share?

    Default trace won't be helpful because it doesn't capture much. Profiler in general won't help you. Suppose you captured every statement run against one database. What type of analysis would you do to identify SQL Injection from that massive amount of text?

    I wouldn't be the correct person to make a recommendation on 3rd party tools, having never implemented or used one for a client.

    Best,
    Kevin G. Boles
    SQL Server Consultant
    SQL MVP 2007-2012
    TheSQLGuru on googles mail service

  • studySQL (3/17/2014)

    What do you do as a DBA to eliminate SQL injection? Application code cannot be changed or altered. Or, if it happens, what kind of logs do you collect every day to analyze later?

    I'm more interested in what app you're using that allows SQL injection and cannot be changed or altered!

  • patrickmcginnis59 10839 (3/18/2014)

    studySQL (3/17/2014)

    What do you do as a DBA to eliminate SQL injection? Application code cannot be changed or altered. Or, if it happens, what kind of logs do you collect every day to analyze later?

    I'm more interested in what app you're using that allows SQL injection and cannot be changed or altered!

    I bet there are a BUNCH of them out there. I see opportunities for this at clients regularly. Very sad, and scary!

    Best,
    Kevin G. Boles
    SQL Server Consultant
    SQL MVP 2007-2012
    TheSQLGuru on googles mail service

  • GreenSQL is in the space for this. It sits between the app server and the database server. However, no solution is perfect.

    http://www.greensql.com/

    Some IDS/IPS can help as well. But they'll typically have signatures that alert for the most glaring examples. For instance, the use of xp_cmdshell. But in that case, you'll need the IPS in-line and configured to block in those cases. That could mean legitimate activity is blocked as well.

    K. Brian Kelley
    @kbriankelley
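Two points in this thread invite a concrete illustration: Kevin's question of what analysis a DBA would actually run over a trace of every captured statement, and Brian's caveat that signature-based alerting on things like xp_cmdshell will also catch legitimate administrative activity. The script below is an added example written for this page; it is not code from any poster or from GreenSQL or any IDS product. It assumes the DBA has already exported a server-side trace or Extended Events session to a tab-separated text file (timestamp, login, application name, statement), scores each statement against a small set of weighted injection indicators, and treats flagged statements from a known admin source as "expected" rather than alerting on them. All sample trace records, indicator weights, the threshold and the admin allow-list are constructed for the example.

```python
"""Score statements captured by a server-side trace for SQL-injection indicators.

Added example, not code from the thread. It assumes the DBA has exported a
server-side trace or Extended Events session to a text file with one
tab-separated record per line: timestamp, login, application name, statement.
The records in SAMPLE_TRACE are constructed for this example.
"""
import re
from collections import Counter

# Constructed sample export. A real file would be read with open(path).read().
SAMPLE_TRACE = (
    "2014-03-18T10:01:02\tweb_app\tOrdersWeb\t"
    "SELECT * FROM Orders WHERE CustomerId = 1042\n"
    "2014-03-18T10:01:05\tweb_app\tOrdersWeb\t"
    "SELECT * FROM Users WHERE Name = 'x' OR '1'='1' --' AND Pwd = ''\n"
    "2014-03-18T10:01:09\tweb_app\tOrdersWeb\t"
    "SELECT Id FROM Orders WHERE Id = 5 UNION SELECT name FROM sys.tables\n"
    "2014-03-18T10:01:12\tweb_app\tOrdersWeb\t"
    "SELECT * FROM Orders WHERE Id = 5; EXEC xp_cmdshell 'dir'\n"
    "2014-03-18T10:02:00\tdba_admin\tSSMS\t"
    "EXEC xp_cmdshell 'dir D:\\Backups'\n"
    "2014-03-18T10:02:30\tweb_app\tOrdersWeb\t"
    "SELECT * FROM Orders WHERE Id = 1 WAITFOR DELAY '0:0:5'\n"
    "2014-03-18T10:03:00\tweb_app\tOrdersWeb\t"
    "SELECT * FROM Orders -- nightly report\n"
)

# (name, pattern, weight). Weak indicators such as a comment marker score low
# on their own so that ordinary commented T-SQL does not trip the threshold.
INDICATORS = [
    ("tautology", re.compile(r"\bOR\s+('?\w+'?)\s*=\s*\1", re.I), 3),
    ("comment_marker", re.compile(r"--|/\*"), 1),
    ("stacked_statement",
     re.compile(r";\s*(EXEC|EXECUTE|DROP|INSERT|UPDATE|DELETE|ALTER)\b", re.I), 3),
    ("union_select", re.compile(r"\bUNION\s+(ALL\s+)?SELECT\b", re.I), 3),
    ("time_delay", re.compile(r"\bWAITFOR\s+DELAY\b", re.I), 3),
    ("xp_cmdshell", re.compile(r"\bxp_cmdshell\b", re.I), 5),
    ("catalog_probe", re.compile(r"\b(sys\.tables|INFORMATION_SCHEMA)\b", re.I), 1),
]
FLAG_THRESHOLD = 3  # constructed tuning value

# Sources for which administrative statements are expected. This is the tuning
# step that keeps legitimate DBA activity from being reported as an attack
# (constructed allow-list; a real one comes from the site's own inventory).
EXPECTED_ADMIN_SOURCES = {("dba_admin", "SSMS")}


def score_statement(sql):
    """Return (score, [indicator names]) for one captured statement."""
    hits = [name for name, pattern, _ in INDICATORS if pattern.search(sql)]
    score = sum(weight for name, _, weight in INDICATORS if name in hits)
    return score, hits


def analyze_trace(text, expected_sources=EXPECTED_ADMIN_SOURCES):
    """Parse the exported trace and return one finding per flagged statement."""
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        timestamp, login, app, sql = line.split("\t", 3)
        score, hits = score_statement(sql)
        if score < FLAG_THRESHOLD:
            continue
        findings.append({
            "timestamp": timestamp,
            "login": login,
            "app": app,
            "score": score,
            "indicators": hits,
            # Flagged but from an expected admin source: queue for review, do not alert.
            "expected": (login, app) in expected_sources,
            "sql": sql,
        })
    return findings


def alerts_by_source(findings):
    """Count unexpected findings per (login, app); repeat offenders rise to the top."""
    return Counter((f["login"], f["app"]) for f in findings if not f["expected"])


if __name__ == "__main__":
    found = analyze_trace(SAMPLE_TRACE)
    for f in found:
        tag = "expected" if f["expected"] else "ALERT"
        print(f"{f['timestamp']} {tag:8} score={f['score']} {f['indicators']} :: {f['sql']}")
    print(alerts_by_source(found))
```

Run against the constructed trace, the four web-application statements with tautology, UNION, stacked xp_cmdshell and WAITFOR patterns are reported as alerts, the DBA's xp_cmdshell call from SSMS is recorded as expected, and the commented report query is not flagged at all because a comment marker alone stays under the threshold. Aggregating unexpected findings per login and application is the part that scales to Kevin's "massive amount of text": a single application account accumulating many hits is what a DBA can actually act on, whereas individual regex matches would drown in noise.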
