Updated on 2022-12-30 GMT+08:00

Adding an SQL Injection Rule

You can add SQL injection rules to audit your databases.

Prerequisites

  • You have purchased a database audit instance and the Status is Running.
  • You have added a database and enabled database audit.
  • A database has been added.

Procedure

  1. Log in to the management console.
  2. Select a region, click , and choose Security & Compliance > Database Security Service. The Dashboard page is displayed.
  3. Click Add Rule and configure parameters. For more information, see Table 1.

    Figure 1 Adding an SQL Injection Rule
    Table 1 SQL injection rule parameters

    Parameter

    Description

    Example Value

    Name

    Name of an SQL rule.

    Postal Code SQL injection Rule

    Risk Level

    Level of risks matching a SQL rule. Its value can be:

    • High
    • Moderate
    • Low
    • No risk

    Moderate

    Status

    Enables or disables an SQL injection rule.

    • : enabled
    • : disabled

    Test Regular Expression

    Regular expression that checks for content in certain pattern.

    ^\d{6}$

    Data

    Content that matches the regular expression.

    Enter content and click Test to verify that the regular expression works properly.

    628307

    Result

    Test result. It can be:

    • Hit
    • Miss
      NOTE:

      If the test result is Hit, the regular expression is correct.

      If the test result is Miss, the regular expression is incorrect.

    Hit

  4. Confirm the information and click OK.