          DB Firewall

          SQL injection is an attack in which SQL fragments are inserted into a web form submission or into the query string of a page request so that the server is tricked into executing a malicious SQL command. It is a common attack that seriously jeopardizes the security of the data in a database. DB Firewall identifies and records SQL injection behavior, sends users SMS and email alarms, and can also block these accesses, improving the data security of RDS.
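          To make the definition above concrete, the following is an added example (not code from the Baidu AI Cloud page or product) that runs the same login query against an in-memory SQLite table, once built by string concatenation and once with bound parameters. The table, user names and injection payloads are constructed for illustration; the two payloads are classic patterns a DB firewall is expected to flag.

```python
import sqlite3


def make_db():
    """Constructed in-memory users table standing in for the RDS database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    conn.commit()
    return conn


def login_vulnerable(conn, name, password):
    """Builds the statement by concatenation: user input is parsed as SQL."""
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn, name, password):
    """Binds the input as parameters: it is treated as data, never as SQL."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone() is not None


# Constructed payloads.  The first turns the WHERE clause into a tautology
# (... AND password = '' OR '1'='1'); the second closes the quoted name and
# comments out the password check (the trailing space after -- is what MySQL
# requires for a comment, and SQLite accepts it too).
TAUTOLOGY = "' OR '1'='1"
COMMENT_OUT = "alice'-- "


def demo():
    """Returns whether each login attempt succeeds under both query styles."""
    conn = make_db()
    return {
        "vuln_legit": login_vulnerable(conn, "alice", "s3cret"),
        "vuln_tautology": login_vulnerable(conn, "alice", TAUTOLOGY),
        "vuln_comment": login_vulnerable(conn, COMMENT_OUT, "wrong"),
        "param_legit": login_parameterized(conn, "alice", "s3cret"),
        "param_tautology": login_parameterized(conn, "alice", TAUTOLOGY),
        "param_comment": login_parameterized(conn, COMMENT_OUT, "wrong"),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:16s} login succeeded = {ok}")
```

          The parameterized form is the fix in the application; the DB firewall described on this page is a second layer that catches the concatenated form when it reaches the proxy, so the two are complementary rather than alternatives.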

          Baidu AI Cloud allows users to enable the DB firewall feature on a proxy instance and provides SQL injection auditing.

          DB Firewall Feature Enabling Flow

          The flow for enabling the DB firewall feature is as follows:

          1. Create a proxy instance.
          2. Register a public network IP for the proxy instance and test the proxy instance's connectivity.
          3. Create a proxy instance account and set its password.
          4. Enable the DB firewall and select a security model.
          5. In the service program, replace the domain name or IP, account, and password of the original master instance with the domain name or IP, account, and password of the proxy instance.

          For operation details of Steps 1 to 3, see Use Proxy Instance. Note that only traffic that passes through the proxy instance is inspected; connections made directly to the master instance are not covered by the DB firewall, so Step 5 must be completed for every client that should be protected.

          Operating Steps

          1. On the instance's "Security" page, select the "DB firewall" tab to configure the DB firewall. If the instance is a master instance, go to the corresponding proxy instance to configure it. On the proxy instance's "Security" page, click the "Edit" button to manage the DB firewall feature.


          Notes:

          1. Enabling the DB firewall strengthens the defense against SQL injection and similar attacks. The impact on SQL response time is small: each SQL statement incurs about 0.1 ms of additional latency.
          2. After the DB firewall is enabled, the user can select a security model:

            • Alert: identify injection and write it to the audit, without blocking SQL execution;
            • Block: identify injection and write it to the audit, and block SQL execution.
          3. After the DB firewall feature is enabled, the user can view statistics of SQL injection behavior on the SQL Injection audit page and classify the behavior by time, database, and account.

            Note: If a recorded statement is not actually a SQL injection (a false positive), click "Added into SQL Whitelist" in the action bar. The "Added into SQL Whitelist" feature allows such statements through and stops them from being treated as injections.

          SQL Injection Alarm

          SQL injection alarm notification policy:

          Injection details are summarized over five-minute windows and sent to the user as an alarm email and SMS; if no injection occurred in a window, no email or SMS is sent for it. When the DB firewall feature is enabled, you receive SQL injection alarm notifications whenever SQL injection occurs, in both the Block model and the Alert model.

          SQL injection alarm content example:

          On your cloud database RDS instance "rdsproxy/rdsplrg92w5cmac", five SQL injections were detected and not intercepted. To ensure data security, go to "Baidu AI Cloud -> RDS -> Proxy instance -> Security -> DB firewall" to view the detailed injection information. Thanks for your support!
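          The following is an added example (not Baidu AI Cloud's own alarm code) that reproduces the five-minute aggregation policy described above over constructed audit records shaped like the SQL Injection audit page's columns (time, database, account, plus the action taken). Windows with no injections produce nothing; each window with at least one injection yields one summary, broken down by database and account as the audit page classifies them. The instance name is the one from the example message above; the record contents and the exact message wording are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)

# Constructed audit records: (time, database, account, action).
# The 10:05-10:10 window deliberately has no records.
AUDIT = [
    ("2024-01-01 10:00:10", "shop", "app_user", "alert"),
    ("2024-01-01 10:01:30", "shop", "app_user", "alert"),
    ("2024-01-01 10:03:59", "billing", "report", "alert"),
    ("2024-01-01 10:04:40", "shop", "app_user", "alert"),
    ("2024-01-01 10:04:50", "shop", "app_user", "alert"),
    ("2024-01-01 10:12:05", "shop", "app_user", "block"),
]


def window_start(ts):
    """Floors a timestamp string to the start of its five-minute window."""
    t = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
    return t.replace(minute=t.minute - t.minute % 5, second=0, microsecond=0)


def aggregate(records):
    """Counts injections per window, split by (database, account) and by action."""
    windows = defaultdict(lambda: {"total": 0, "blocked": 0,
                                   "by_db_account": defaultdict(int)})
    for ts, db, account, action in records:
        w = windows[window_start(ts)]
        w["total"] += 1
        if action == "block":
            w["blocked"] += 1
        w["by_db_account"][(db, account)] += 1
    return windows


def alarms(records, instance="rdsproxy/rdsplrg92w5cmac"):
    """One alarm per five-minute window that contained injections; quiet windows yield none."""
    counts = aggregate(records)
    if not counts:
        return []
    out = []
    t, last = min(counts), max(counts)
    while t <= last:
        w = counts.get(t)
        if w is None:                      # no injections: no mail, no SMS
            t += WINDOW
            continue
        detail = ", ".join(f"{db}/{acct}: {n}"
                           for (db, acct), n in sorted(w["by_db_account"].items()))
        out.append({
            "window": t.strftime("%Y-%m-%d %H:%M"),
            "detected": w["total"],
            "intercepted": w["blocked"],
            # Assumed wording, modelled on the example message on this page.
            "message": (f'On your cloud database RDS instance "{instance}", '
                        f'{w["total"]} SQL injections were detected, '
                        f'{w["blocked"]} intercepted ({detail}).'),
        })
        t += WINDOW
    return out


if __name__ == "__main__":
    for a in alarms(AUDIT):
        print(a["window"], a["message"])
```

          Because only windows with a non-zero count emit a message, a quiet period never generates noise, and the Block model shows up in the summary as a non-zero "intercepted" figure rather than as a different notification path.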

          Subscribing to and unsubscribing from SQL injection alarms:

          You can view the SQL injection alarm subscription status under "Message center -> message receiving settings -> security message -> alarm and recovery notice" and add message recipients there. Because SQL injection has a critical impact on database security, the system sends the notification by email and SMS by default, and unsubscribing is not allowed.
