Database Security Service
Database Security Service
- What's New
- Function Overview
- Service Overview
- Getting Started
-
User Guide
- Process Overview
- Purchasing Database Audit
- Step 1: Add a Database
- Step 2: Add an Agent
- Step 3: Download and Install the Agent
- Step 4: Add a Security Group Rule
- Step 5: Enable Database Audit
- Configuring Audit Rules
- Viewing Audit Results
- Notification Settings Management
- Viewing Monitoring Information
- Backing Up and Restoring Database Audit Logs
-
Other Operations
- Managing Database Audit Instances
- Viewing the Instance Overview
- Managing Databases and Agents
- Uninstalling an Agent
- Management an Audit Scope
- Viewing Information About SQL Injection Detection
- Managing Risky Operations
- Managing Privacy Data Protection Rules
- Managing Audit Reports
- Managing Backup Audit Logs
- Viewing Operation Logs
- Key Operations Recorded by CTS
- Monitoring
- Permission Control
- Best Practices
-
FAQs
- Product Consulting
-
Purchase
- Which Subnet Should I Choose When Purchasing an Instance?
- Why Do I Need to Select a VPC When Buying an Instance?
- How Many Database Audit Instances Can I Purchase in the Same Region?
- What Do I Do If a Message Indicating Insufficient Quota Is Displayed During Instance Purchase?
- How Do I Renew Database Audit?
- How Do I Unsubscribe from DBSS?
-
Functions
- Can Database Audit Be Used Across AZs?
- Does Database Audit (in Bypass Mode) Affect My Services?
- Can Database Audit Be Shared by Multiple Accounts?
- What Are the Functions of Database Audit?
- What Databases Does Database Audit Support?
- What OSs Can I Install the Database Audit Agent On?
- Does Database Audit Support Bidirectional Audit?
- Can I Audit Databases Across Different VPCs?
- Can Applications Using TLS Connections Be Audited?
- How Long Is the Database Audit Data Stored by Default?
- How Soon Can I Receive an Alarm Notification If an Exception Occurs in Database Audit?
- Is the Total Number Of Alarms Every Day the Same as that of Emails?
- Why I Cannot Preview the Database Security Audit Report Online?
- If I Use Middleware at the Service Side, Will It Affect Database Audit?
- Can DBSS Capture SQL Statements Executed by Third-Party Tools?
- Can DBSS Be Deployed Off the Cloud?
- Can I Change the VPC of a DBSS Instance?
- How Do I Interconnect with DBSS Audit Data Storage?
- What Should I Do If an Alarm of Insufficient DBSS Capacity Is Displayed?
-
Agent
- Which Functions Do the Database Audit Agent Provide?
- On What Windows Versions Can I Install the Agent?
- On What Linux OSs Can I Install the Agent?
- What Is the Process Name of the Database Audit Agent?
- (Linux OS) What Should I Do If I Lack the Permission to Run the Agent Installation Script?
- (Linux OS) Where Are the Logs of the Database Audit Agent Saved?
- When Should I Select an Existing Agent?
- What Do I Do If the Database Audit Agent Is Hibernating?
- How Do I Deploy the Agent If I Have an RDS Database That Connects to Multiple ECSs?
- How Do I Determine Where to Install an Agent?
- How Do I Run a Database Audit Agent?
- How Do I Check the Status of the Database Audit Agent?
- How Do I Download a Database Audit Agent?
- How Do I Uninstall a Database Audit Agent?
- Can I Modify the CPU and Memory Thresholds of the Agent?
- How Do I Install the Agent (in Linux OS)?
- How Do I Install the Agent (in Windows OS)?
- What Do I Do If the Communication Between the Agent and Database Audit Instance Is Abnormal?
- How Many Resources Are Consumed by an Agent When It Runs on a Node?
- What Do I Do If Agent Installation Fails?
- What Do I Do If the Error Message "unsupport this Linux version, please check your Linux version with install document!" Is Displayed During Agent Installation?
-
Operations
- How Do I Configure Database Audit?
- How Do I Disable SSL for a Database?
- How Do I Set the INSERT Audit Policy for Database Audit?
- How Do I Verify My Database Audit Configuration?
- How Do I Set Database Audit Rules for All Databases?
- How Do I Check the Version of Database Audit?
- How Do I View All Alarms in Database Audit?
- How Do I Audit an RDS Database Accessed through Intranet (by Applications Off the Cloud)?
- Troubleshooting
-
Logs
- Can the Operation Logs of Database Audit Be Migrated?
- How Long Are the Operation Logs of Database Audit Saved by Default?
- How Do I Check the Operation Logs of Database Audit?
- How Does Database Audit Process Logs?
- How Do I Back Up the Database Audit Logs?
- Can Database Audit Logs Be Directly Saved to OBS?
- Backup Gets Stuck at the Backup File Uploading Phase
- Change History
- Videos
On this page
Help Center/
Database Security Service/
User Guide/
Configuring Audit Rules/
Enabling or Disabling SQL Injection Detection
Enabling or Disabling SQL Injection Detection
Updated on 2024-12-19 GMT+08:00
SQL injection detection is enabled by default. You can disable or enable the detection rules.
NOTICE:
One piece of audited data can match only one SQL injection detection rule.
Prerequisites
- You have purchased a database audit instance and the Status is Running.
- You can enable SQL injection detection when the status is Disabled.
- You can disable SQL injection detection when the status is Enabled.
Disabling SQL Injection Detection
SQL injection detection is enabled by default. You can disable the detection rules as required. When an SQL injection detection rule is disabled, the audit rule does not take effect.
- Log in to the management console.
- Select a region, click
, and choose Security & Compliance > Database Security Service. The Dashboard page is displayed. - In the navigation tree, choose Rules.
- In the Instance drop-down list, select the instance for which you want to disable SQL injection detection.
- Click the SQL Injection tab.
NOTE:
Only user-defined rules can be edited and deleted. Default rules can only be enabled and disabled.
- In the Operation column of a rule, click Set Priority. In the displayed dialog box, select a priority. The smallest number indicates the highest priority. Click OK.
Figure 1 Configuring the priority
- Locate the SQL injection rule you want to disable, and click Disable in the Operation column.
Figure 2 Disabling an SQL injection detection rule
When the status of an SQL injection detection rule is Disabled, SQL injection detection is disabled successfully.
- In the Operation column of a rule, click Edit. Configure parameters and click OK.
Figure 3 Editing an SQL injection rule
Table 1 SQL injection rule parameters Parameter
Description
Example Value
Name
Name of an SQL rule.
Postal Code SQL injection Rule
Risk Level
Level of risks matching a SQL rule. Its value can be:
- High
- Moderate
- Low
- No risk
Moderate
Status
Enables or disables an SQL injection rule.
: enabled
: disabled
Test Regular Expression
Regular expression that checks for content in certain pattern.
^\d{6}$
Data
Content that matches the regular expression.
Enter content and click Test to verify that the regular expression works properly.
628307
Result
Test result. It can be:
- Hit
- Miss
NOTE:
If the test result is Hit, the regular expression is correct.
If the test result is Miss, the regular expression is incorrect.
Hit
- In the Operation column, click Delete.
Follow-Up Procedure
To restart an SQL injection detection rule, click Enable in the Operation column of the target rule.
Figure 4 Enabling an SQL injection detection rule
When the status of an SQL injection detection rule is Enabled, SQL injection detection is enabled successfully.
Parent topic: Configuring Audit Rules
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
The system is busy. Please try again later.
