Azure Security alert on Datagrip
Hi,
I'm using Datagrip/pycharm for SQL development on Azure SQL databases, and have started getting security alerts from Azure saying: "Potential exploitation of application code vulnerability to SQL Injection was detected. This may indicate a SQL Injection attack on database ....". When I dig in and look at the SQL, the query has a typo, i.e. I typed in a query and made a mistake, put Azure security thinks it's a possible SQL injection. I believe this is because the application "Datagrip" (which is also the name reported when I use pycharm) is not recognized as a developer tool, so Azure thinks it's an application without human-type queries.
Is there any way to get datagrip/pycharm to report to be, e.g. SQL Server Management Studio, similar to how it's possible to get Chrome to report to be Firefox by switching the user-agent?
请先登录再写评论。
@8forty
Could you check you set up applicationName advanced property in your data source settings?
E.g.:
Great, that's just what I was hoping to find. Didn't think to look in the data connection settings.
@8forty Write if there're some more issues.
Hi, in DataGrip in version 2.3 or more isn´t this option. Do you know where is in this versions? Thank you
@Smetanka
If there is no any option you can add it in `Advanced` tab.
@vasily chernov
Thank you, but still inst good for me
@Smetanka
What exactly do you need? Is it wrong version or do you want to remove it?
@vasily chernov
I and my colleagues using DataGrip, when somebody use a bad query or is connected to db, so I dont know who is it, because everybody has ApplicationName = DataGrip. I want to write nick of user in DataGrip config file and easy detect user witch connected to db.
But I dont know where and what is need to write in config
@vasily
How to remove it?
One can change or remove `ApplicationName` in data source Advanced tab:
There is no 'ApplicationName' option. But the sql still has 'DataGrid' comment:
@Funcsu,
For Oracle JDBC driver there is another property v$session.program
Additionally, anyone who wants to disable application info, needs to disable Send application info option in driver options tab
@vasily chernov
Got it!!!
I uncheck the "Send application info" then it works. Thank you!
vasily chernov
hi my DG version is 2020.1.3
I can't find applicationName in Properties-Drivers-Mysql-Advanced
and if I set applicationName in Properties-Project Data Source-Advance it doesn't work