Managing SQL Injection Rules
You can disable, enable, edit, delete, and set priorities for SQL injection rules. The preset SQL injection rules of database audit are enabled by default.
Prerequisites
- The database audit instance is in the Running state.
- Before enabling an SQL injection rule, ensure that the rule is in the Disabled state.
- Before disabling an SQL injection rule, ensure that the rule is in the Enabled state.
Constraints and Limitations
- One piece of audited data can match only one SQL injection rule.
- Only custom rules can be edited and deleted. Default rules can only be enabled or disabled.
Managing SQL Injection Rules
- Log in to the DBSS console.
- Click
in the upper left corner on the displayed page and select a region. - In the navigation tree on the left, choose Rules.
- In the Instance drop-down list, select an instance.
- Click the SQL Injection tab.
Enabling an SQL Injection Rule
- In the Operation column of the row containing the SQL injection rule, click Enable. Figure 1 Enabling an SQL injection rule
- Check the SQL injection rule status. It will change to Enabled.
Disabling an SQL Injection Rule
The preset SQL injection rules are enabled by default. You can disable them as required. When an SQL injection rule is disabled, the audit rule does not take effect.
- Locate the SQL injection rule you want to disable, and click Disable in the Operation column. Figure 2 Disabling an SQL injection rule
- Check the SQL injection rule status. It will change to Disabled.
Setting the SQL Injection Rule Priority
- In the Operation column of an SQL injection rule, click Set Priority.
- In the displayed dialog box, select a number in the Priority drop-down list. A smaller number indicates a higher priority. Click OK. Figure 3 Setting the priority
Editing an SQL Injection Rule
- In the Operation column of a rule, click Edit. For details, see Table 1. Figure 4 Editing an SQL injection rule
Table 1 SQL injection rule parameters Parameter
Parameters
Example Value
Rule Name
Name of an SQL rule, which can be customized.
Postal Code SQL Injection Rule
Risk Level
Level of risks matching an SQL rule. Its value can be:
- High
- Medium
- Low
- No risk
Medium
Status
Indicates the SQL injection rule is enabled or disabled.
- Enabled
- Disabled
Enabled
Regular Expression
A regular expression that checks for content in a certain pattern.
^\d{6}$
Raw Data
Content that matches the regular expression.
Enter content and click Test to verify that the regular expression works properly.
628307
Result
Test result. It can be:
- Hit: The regular expression is correct.
- Missed: The regular expression is incorrect.
Missed
- Confirm the information and click OK.
Deleting an SQL Injection Rule
- In the Operation column of a rule, click Delete. Figure 5 Deleting an SQL injection rule
- In the displayed dialog box, enter DELETE and click OK.
After an SQL injection rule is deleted, if you need to configure SQL injection rule for the instance, add the rule again.
References
- You can add an audit scope rule. For details, see Configuring an Audit Scope Rule.
- You can add a risky operation rule to audit risky operations on databases. For details, see Managing Risky Operation Rules.
- To mask sensitive information in entered SQL statements, you can enable the function of masking privacy data and configure masking rules to prevent sensitive information leakage. For details, see Configuring Privacy Data Protection Rules.
- You can add trusted SQL statements to the whitelist. Database audit will ignore whitelisted SQL statements. For details, see Configuring SQL Whitelist.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot