Results 1 to 4 of 4
  1. #1
    Join Date
    Aug 2004
    Location
    Karachi, Pakistan
    Posts
    747

    Reverse Proxy and SQL Injection.

    Does deploying a reverse proxy in front of the web/db server reduce the threat of SQL injection?

    Emphasis on 'reduce' the threat - or does it provide no help at all?

    Comments/experiences welcome.
    "I drink too much. The last time I gave a urine sample it had an olive in it. ".
    Rodney Dangerfield (from "I Get No Respect!").

  2. #2
    Join Date
    Jan 2005
    Location
    Scotland, UK
    Posts
    2,549
    If it is just proxying requests, no. I did see some project the other day (not tried it however) called greensql which looks to be a mySQL proxy specifically for filtering such things, weather it is stable or secure I would not know and I strongly suggest you test it and review it first before putting it into production.
    Server Management - AdminGeekZ.com
    Infrastructure Management, Web Application Performance, mySQL DBA. System Automation.
    WordPress/Magento Performance, Apache to Nginx Conversion, Varnish Implimentation, DDoS Protection, Custom Nginx Modules
    Check our wordpress varnish plugin. Contact us for quote: [email protected]

  3. #3
    Join Date
    Aug 2004
    Location
    Karachi, Pakistan
    Posts
    747
    @Scott.Mc

    I've earmarked GreenSQL - however haven't tested it. The limiting factor is that is only for MySQL. Most of my clients are on MS SQL.
    "I drink too much. The last time I gave a urine sample it had an olive in it. ".
    Rodney Dangerfield (from "I Get No Respect!").

  4. #4
    Join Date
    Jan 2005
    Location
    Scotland, UK
    Posts
    2,549
    Pretty much what I said in my initial response does apply, proxys won't filter the traffic by default. There *may* be specific ones which are designed for this like the one I mentioned greensql but I wouldn't rely on such products.

    Truth is such pattern matching isn't going to match everything so nothing can really 100% prevent against a badly written application outside of writing it securely.
    Server Management - AdminGeekZ.com
    Infrastructure Management, Web Application Performance, mySQL DBA. System Automation.
    WordPress/Magento Performance, Apache to Nginx Conversion, Varnish Implimentation, DDoS Protection, Custom Nginx Modules
    Check our wordpress varnish plugin. Contact us for quote: [email protected]

Similar Threads

  1. vps reverse proxy
    By johnts in forum Hosting Security and Technology
    Replies: 3
    Last Post: 06-07-2009, 02:02 PM
  2. Apache2 Reverse Proxy
    By andretenreiro in forum Hosting Security and Technology
    Replies: 2
    Last Post: 04-27-2009, 07:09 AM
  3. a reverse proxy on VPS
    By vmartchenko in forum VPS Hosting
    Replies: 2
    Last Post: 05-12-2007, 02:07 PM
  4. reverse proxy hosting
    By kamen123 in forum Web Hosting
    Replies: 4
    Last Post: 12-08-2005, 10:32 PM
  5. Reverse Proxy + Cpanel?
    By DeltaAnime in forum Dedicated Server
    Replies: 0
    Last Post: 10-04-2004, 01:16 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •