
Published on May 1st, 2015


SQLassie – Effective Database Security


SQLassie is a free MySQL database firewall that prevents SQL injection attacks at runtime. SQLassie uses Bayesian classifiers to determine the likelihood of a query being an attack. This approach produces fewer false positives than other similar approaches.


SQLassie prevents injection attacks before they have a chance to run.


Protection is instantaneous - just point your web applications at SQLassie and you're done!


SQLassie tracks suspicious queries, classifies them based on their intent, and logs this information for further review.


SQLassie can be used as a passive intrusion detection system or as an active intrusion prevention system.


SQLassie is free and being constantly updated and improved. Have a problem or feature request? Let us know!



SQLassie currently only supports MySQL. To start SQLassie, you'll need to configure how SQLassie connects to the MySQL server, start SQLassie listening on a different port that is now protected, and then configure your applications to connect through this alternate port instead of directly to MySQL.

As an example, consider a scenario where you have a MySQL database engine running and listening for connections on the domain socket /var/run/mysql/mysqld.sock and are running a MediaWiki installation.
First, start SQLassie using

./sqlassie -s /var/run/mysql/mysqld.sock -l 3307
Then, edit MediaWiki's configuration file LocalSettings.php to connect to port 3307.

$wgDBserver = "";

Note that you can't use localhost here; by default, MySQL interprets localhost as a request to use the direct database domain socket connection, and most web applications behave this way as well. Therefore, you have to use the explicit string in order to force connections to go through the TCP port. Check your application's documentation for more information.
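To check that an application really is routed through SQLassie and not straight to MySQL, the following added example (not part of the original post or of SQLassie) reads the `$wgDBserver` setting, as MediaWiki spells it, from LocalSettings.php text and classifies the route. The sample configuration, the route labels and the 127.0.0.1 host are constructed for illustration, and host values are assumed to be hostnames or IPv4 addresses.

```python
import re

PROXY_PORT = 3307          # SQLassie listen port from the example above (-l 3307)
MYSQL_DEFAULT_PORT = 3306  # port a MySQL client uses when none is given

# Matches an uncommented assignment such as:  $wgDBserver = "host:port";
_DBSERVER_RE = re.compile(r'''^\s*\$wgDBserver\s*=\s*(["'])(.*?)\1\s*;''', re.M)

def extract_dbserver(php_source):
    """Return the last uncommented $wgDBserver value, or None if absent."""
    matches = _DBSERVER_RE.findall(php_source)
    return matches[-1][1] if matches else None

def classify_route(dbserver, proxy_port=PROXY_PORT):
    """Classify how a MySQL client reaches the server for a host[:port] value."""
    if not dbserver:
        return "unset"
    host, _, rest = dbserver.partition(":")
    # "host:/path/to.sock" names a socket file explicitly.
    if rest.startswith("/"):
        return "bypass-socket"
    # On Unix, "localhost" selects the domain socket even when a port is given.
    if host.lower() == "localhost":
        return "bypass-socket"
    port = int(rest) if rest.isdigit() else MYSQL_DEFAULT_PORT
    return "via-proxy" if port == proxy_port else "bypass-tcp"

def audit(php_source):
    """Return (configured value, route label) for one LocalSettings.php text."""
    value = extract_dbserver(php_source)
    return value, classify_route(value)

# Constructed sample input, not taken from a real installation.
SAMPLE_LOCALSETTINGS = '''<?php
# $wgDBserver = "localhost";
$wgDBtype = "mysql";
$wgDBserver = "127.0.0.1:3307";
'''

if __name__ == "__main__":
    print(audit(SAMPLE_LOCALSETTINGS))
    for candidate in ("localhost", "localhost:3307", "127.0.0.1"):
        print(candidate, "->", classify_route(candidate))
```

Any result other than `via-proxy` means queries from that application never pass through the firewall, so they are neither classified nor logged.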

Download SQLassie
