Protects your data by inspecting incoming queries from your application server and rejecting abnormal ones. It also supports data masking to avoid data leaks.
For example, this is how web server normally interacts with database server:
By adding DBShield in front of database server we can protect it against abnormal queries and apply masking to database responses. To detect abnormal queries we first run DBShield in learning mode. Learning mode lets any query pass but it records information about it (pattern, username, time and source) into internal database.
After collecting enough patterns we can run DBShield in protect mode. Protect mode can distinguish abnormal query patterns, request time, user and source and take action based on configurations. It can also replace results of normal queries by applying data masking (ex. replace each digit of CC number by "X" except the last three digits)
$ go get github.com/nim4/DBShield
then you can execute it like:
$ $GOPATH/bin/DBShield -f $GOPATH/src/github.com/nim4/DBShield/conf/dbshield.yml
| Database | Protect | Data Masking |
|---|---|---|
| MariaDB | Yes | Yes |
| MySQL | Yes | Yes |
| Oracle | Yes | No |
- Add Masking support for Oracle Database
- Add Microsoft SQL Server
- Add Postgres