The present invention relates to Structured Query Language (SQL), and more specifically, to a method and device for determining the criticality of a SQL statement.
SQL is a data query language for databases. A user can access a database through a series of SQL statements in order to manipulate the data in it, e.g., to query, update or delete that data. At the same time, it is very important for a database administrator to ensure the security of the data in the database, so there is a need to determine the criticality of the SQL statements executed on that data, that is, to determine whether the SQL statements are likely to damage the security of the data in the database. Specifically, for a database containing confidential information, especially a commercial database, the user may intentionally or unintentionally access the database using a SQL statement which is directly or potentially critical, so that the data in the database are leaked to unauthorized persons, or are improperly modified or deleted, causing damage to the security of the data in the database. Therefore, when a SQL statement to be executed on the database is received, the database administrator needs to analyze the criticality of the SQL statement, so as to take an appropriate action when necessary, such as prohibiting execution of the SQL statement.
Conventionally, the user can set a series of security rules according to his own needs. The security rules define which SQL statements are insecure or critical, so that when a received SQL statement matches the definition in the security rules, it is identified as an insecure statement. However, since there are a wide variety of SQL statements, the user needs to set as many security rules as possible to define the various insecure SQL statements, which places a heavy burden on the user. In addition, it is hard for the security rules set by the user to cover all insecure SQL statements, and once a certain insecure SQL statement is not covered by the security rules, it will not be identified and thus will damage the security of the data in the database.
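
The conventional rule-based check described above, sketched as an added example that is not part of the original text; the rule names, patterns, table names and sample statements are all constructed for illustration. It shows the coverage gap from the defender's side: a statement that no rule covers returns the same empty result as a benign one, so the rule set alone cannot tell them apart.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    pattern: re.Pattern


# Hypothetical user-defined security rules (constructed for this example).
RULES = [
    Rule("delete-without-where",
         re.compile(r"^\s*DELETE\s+FROM\s+\w+\s*;?\s*$", re.I)),
    Rule("drop-table", re.compile(r"^\s*DROP\s+TABLE\b", re.I)),
    Rule("select-all-from-salaries",
         re.compile(r"^\s*SELECT\s+\*\s+FROM\s+salaries\b", re.I)),
]

# Constructed sample statements.
SAMPLE = [
    "DELETE FROM customers;",                    # covered by a rule
    "DROP TABLE customers;",                     # covered by a rule
    "TRUNCATE TABLE customers;",                 # removes every row, no rule
    "UPDATE customers SET email = NULL;",        # rewrites every row, no rule
    "SELECT name FROM customers WHERE id = 7;",  # benign
]


def matching_rules(statement):
    """Names of the rules the statement matches; [] means 'treated as secure'."""
    return [r.name for r in RULES if r.pattern.search(statement)]


def audit(statements):
    """Map each statement to the rules that flagged it."""
    return {s: matching_rules(s) for s in statements}


def unflagged(statements):
    """Statements no rule matched: benign ones and uncovered ones alike."""
    return [s for s in statements if not matching_rules(s)]


if __name__ == "__main__":
    for stmt, hits in audit(SAMPLE).items():
        print(f"{'FLAGGED' if hits else 'allowed':8} {stmt}  {hits}")
```

Closing the gap within this approach means writing a further rule for each uncovered statement form, which is the burden the paragraph above describes.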