2008/3/31, Darden, Patrick S. <darden_at_armc.org>:
> I don't know of a level 4 above, which would be:
>
> 4. application proxy (SQL proxy that filters out all queries by default except those that match specific criteria, i.e. a SQL whitelist ruleset)
(Actually SQL injection is in the http request, and in case of POST,
also in the body. So you need a http proxy to defend against it on a
firewall.)
>
> I think if someone did make such a beastie, it would make waves.
Well, some 7 years ago we also thought so. So we created Zorp.
Very few have shown interest since (well, we can give food to a bunch
of developers, but no world domination still), and even fewer use more
than a tenth of its features.
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Mar 31 2008
Intro
