Protecting against SQL injection attacks v16

EDB Postgres Advanced Server provides protection against SQL injection attacks. A SQL injection attack is an attempt to compromise a database by running SQL statements whose results provide clues to the attacker as to the content, structure, or security of that database.

Preventing a SQL injection attack is normally the responsibility of the application developer. The database administrator typically has little or no control over the potential threat. The difficulty for database administrators is that the application must have access to the data to function properly.

SQL/Protect:

  • Allows a database administrator to protect a database from SQL injection attacks
  • Provides a layer of security in addition to the normal database security policies by examining incoming queries for common SQL injection profiles
  • Gives control back to the database administrator by alerting the administrator to potentially dangerous queries and by blocking these queries

SQL/Protect overview

Provides an overview of how SQL/Protect guards against different types of SQL injection attacks

Configuring SQL/Protect

Describes the various ways you can configure SQL/Protect

Common maintenance operations

Describes how to perform routine maintenance tasks using SQL/Protect

Backing up and restoring a SQL/Protect database

Describes how to back up and then restore databases configured with SQL/Protect