View Single Post
  #1   (View Single Post)  
Old 15th February 2011
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,125
Default Oracle releases database firewall

From http://www.h-online.com/security/new...l-1189611.html

Quote:
The product uses white lists and black lists containing permitted and prohibited SQL commands. Statements that are not included in the white list can be blocked, substituted or simply logged by the firewall.

In a white paper, Oracle suggests using substitutions as the default operation as this will provide attackers with as little information as possible. For example, instead of SELECT * FROM table the firewall could execute SELECT * FROM table WHERE 'a'='b' which doesn't return any records. Similarly, instead of DROP TABLE table, if the command SELECT * FROM xxx was used it would make the database attempt to access a non-existent table and trigger an error message.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote