command module
v0.0.0-...-c888d9e Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Sep 24, 2017 License: MIT Imports: 5 Imported by: 0


Linux Windows Go Report Card codecov Dev chat GoDoc MIT licensed


Protects your data by inspecting incoming queries from your application server and rejecting abnormal ones.

How it works?

For example, this is how web server normally interacts with database server:

Sample Web Server and DB

By adding DBShield in front of database server we can protect it against abnormal queries. To detect abnormal queries we first run DBShield in learning mode. Learning mode lets any query pass but it records information about it (pattern, username, time and source) into the internal database.

Learning mode

After collecting enough patterns we can run DBShield in protect mode. Protect mode can distinguish abnormal query pattern, user and source and take action based on configurations.

Protect mode


For demo, we are using sqlmap(automatic SQL injection and database takeover tool) to exploit the SQL injection vulnerability at user.php

In the first scenario, the sqlmap successfully exploits the SQL injection when web application connected directly to the database(MySQL), In the second scenario, we modify the user.php so DBShield gets between the web application and database which will drop the injection attempt and make sqlmap fail.


Sample Outputs


$ go run main.go
2016/10/15 16:25:31 [INFO]  Config file: /etc/dbshield.yml
2016/10/15 16:25:31 [INFO]  Internal DB: /tmp/model/
2016/10/15 16:25:31 [INFO]  Listening:
2016/10/15 16:25:31 [INFO]  Backend: postgres (
2016/10/15 16:25:31 [INFO]  Protect: true
2016/10/15 16:25:31 [INFO]  Web interface on
2016/10/15 16:25:33 [INFO]  Connected from:
2016/10/15 16:25:33 [INFO]  Connected to:
2016/10/15 16:25:33 [INFO]  SSL connection
2016/10/15 16:25:34 [DEBUG] Client handshake done
2016/10/15 16:25:34 [DEBUG] Server handshake done
2016/10/15 16:25:34 [INFO]  User: postgres
2016/10/15 16:25:34 [INFO]  Database: test
2016/10/15 16:25:34 [INFO]  Query: SELECT * FROM stocks where id=-1 or 1=1
2016/10/15 16:25:34 [WARN]  Pattern not found: [53 55 51 52 55 52 50 53 55 51 53 49 115 116 111 99 107 115 53 55 51 53 50 105 100 54 49 52 53 53 55 51 55 57 53 55 52 48 52 53 55 51 55 57 54 49 53 55 51 55 57] (SELECT * FROM stocks where id=-1 or 1=1)
2016/10/15 16:25:34 [WARN]  Dropping connection

Web Interface

Web UI


Get it

$ go get -u github.com/nim4/DBShield

Then you can see help using "-h" argument:

$ $GOPATH/bin/DBShield -h
DBShield 1.0.0-beta3
Usage of DBShield:
  -a	get list of abnormal queries
  -c file
      config file (default "/etc/dbshield.yml")
  -h	show help
  -k	show parsed config and exit
  -l	get list of captured patterns
      show version

and run it with your configuration, like:

$ $GOPATH/bin/DBShield -c config.yml

see sample configuration file

⚠️ WARNING: Do NOT use default certificates in production environments!


Database Protect SSL
DB2 Yes No
MariaDB Yes Yes
MySQL Yes Yes
Oracle Yes No
Postgres Yes Yes

To Do

(Sorted by priority)

  • Improve documentation
  • Add Microsoft SQL Server
  • Add more command-line arguments
  • Get 90% test coverage
  • Support Oracle SSL


The Go Gopher

There is no documentation for this package.


Path Synopsis
Package dbshield implements the database firewall functionality
Package dbshield implements the database firewall functionality

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL