2008/3/31, Darden, Patrick S. :

> I don't know of a level 4 above, which would be:
> 4. application proxy (SQL proxy that filters out all queries by default except those that match specific criteria, i.e. a SQL whitelist ruleset)

(Actually SQL injection is in the http request, and in case of POST,
also in the body. So you need a http proxy to defend against it on a

> I think if someone did make such a beastie, it would make waves.

Well, some 7 years ago we also thought so. So we created Zorp.
Very few have shown interest since (well, we can give food to a bunch
of developers, but no world domination still), and even fewer use more
than a tenth of its features.
firewall-wizards mailing list