A secure SQL query handling library for Delphi applications that provides obfuscation and protection for SQL statements and parameters.
SecureSQLHandler is designed to enhance security in Delphi applications that work with databases by preventing SQL injection and protecting sensitive query information. The library obfuscates SQL queries and parameters, making it difficult for malicious actors to intercept or understand database interactions.
- SQL Query Obfuscation: Automatically transforms SQL statements into an encrypted format
- Parameter Security: Encrypts and secures query parameters
- Connection String Protection: Securely stores and manages database connection strings
- SQL Integrity Verification: Ensures SQL hasn't been tampered with via hash signatures
- FireDAC Integration: Seamlessly works with Delphi's FireDAC components
- Minimal Performance Impact: Designed for efficiency with negligible overhead
- Delphi 10.3 or higher
- FireDAC components (included with Delphi)
- Clone the repository or download the source code
- Add the `SecureSQLHandler.pas` file to your project
- Add the unit to your uses clause:

```pascal
uses
  SecureSQLHandler;
```
```pascal
// Create a secure SQL query
var
  SecureQuery: TSecureSQLQuery;
  ConnectionString: string;
begin
  // Set up connection string
  ConnectionString := 'DriverID=MSSQL;Server=myserver;Database=mydb;User_Name=user;Password=pwd;';
  // Create the query object
  SecureQuery := TSecureSQLQuery.Create(ConnectionString);
  try
    // Set SQL (will be automatically obfuscated)
    SecureQuery.SQL := 'SELECT * FROM Customers WHERE CustomerID = :ID';
    // Add parameters
    SecureQuery.AddParameter('ID', 1234, pdtInteger);
    // Execute query
    if SecureQuery.Open then
    begin
      // Process results
      while not SecureQuery.Query.Eof do
      begin
        // Access fields via SecureQuery.Query.FieldByName
        ShowMessage(SecureQuery.Query.FieldByName('CustomerName').AsString);
        SecureQuery.Query.Next;
      end;
    end;
  finally
    SecureQuery.Free;
  end;
end;
```
```pascal
var
  ConnectionManager: TSecureSQLConnectionManager;
  Connection: TFDConnection;
begin
  ConnectionManager := TSecureSQLConnectionManager.Create;
  try
    // Add and encrypt a connection
    ConnectionManager.AddConnection('MainDB',
      'DriverID=MSSQL;Server=myserver;Database=mydb;User_Name=user;Password=pwd;');
    // Get the connection when needed
    Connection := ConnectionManager.GetConnection('MainDB');
    // Use the connection with standard FireDAC components if needed
    // ...
  finally
    ConnectionManager.Free;
  end;
end;
```
See the included `SecureSQLDemo.pas` for a comprehensive example of using the library.
- SQL keywords (SELECT, FROM, WHERE, etc.) are tokenized
- Remaining SQL parts are encrypted with a session-specific key
- A hash signature is appended to verify integrity
- The entire SQL statement is transformed into an unreadable format
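As an added illustration of the hash-signature step above (example code written for this README, not the library's own implementation or its wire format): the statement text is signed with an HMAC-SHA256 from Delphi's `System.Hash` unit, and the signature is recomputed and compared before the bare SQL is handed back for execution. The key, the `|sig=` envelope marker and the console program layout are assumptions made for the example.

```pascal
program SqlIntegrityDemo;

{$APPTYPE CONSOLE}

uses
  System.SysUtils,
  System.Hash;

const
  // Constructed for this example only; a real key is loaded from secure storage, never hard-coded
  DemoKey = 'example-key-from-secure-storage';
  // Assumed envelope format: the hex HMAC follows the SQL text after this marker
  SigMarker = '|sig=';

// Compares two strings in time that does not depend on where they first differ,
// so the comparison itself does not leak how much of a signature matched.
function ConstantTimeEquals(const A, B: string): Boolean;
var
  I, Diff: Integer;
begin
  if Length(A) <> Length(B) then
    Exit(False);
  Diff := 0;
  for I := 1 to Length(A) do
    Diff := Diff or (Ord(A[I]) xor Ord(B[I]));
  Result := Diff = 0;
end;

// Appends an HMAC-SHA256 signature (System.Hash) computed over the statement text.
function SignSQL(const SQL, Key: string): string;
begin
  Result := SQL + SigMarker + THashSHA2.GetHMAC(SQL, Key);
end;

// Recomputes the signature and returns the bare SQL only when it matches;
// on any mismatch the caller gets False and an empty statement, so nothing runs.
function VerifySQL(const Signed, Key: string; out SQL: string): Boolean;
var
  P: Integer;
  Expected, Actual: string;
begin
  SQL := '';
  P := Signed.LastIndexOf(SigMarker);
  if P < 0 then
    Exit(False);
  Actual := Signed.Substring(P + Length(SigMarker));
  Expected := THashSHA2.GetHMAC(Signed.Substring(0, P), Key);
  Result := ConstantTimeEquals(LowerCase(Expected), LowerCase(Actual));
  if Result then
    SQL := Signed.Substring(0, P);
end;

var
  Signed, Plain: string;
begin
  Signed := SignSQL('SELECT * FROM Customers WHERE CustomerID = :ID', DemoKey);
  if VerifySQL(Signed, DemoKey, Plain) then
    Writeln('intact: ', Plain);

  // Simulated tampering: the statement text changes but the old signature is kept
  Signed := Signed.Replace('Customers', 'Orders');
  if not VerifySQL(Signed, DemoKey, Plain) then
    Writeln('tampered statement rejected');
end.
```

The signature only detects tampering if the key stays out of reach of whoever can edit the stored statement, which is why the page's advice to store and rotate keys securely matters as much as the hash itself.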
Parameters are encrypted before being stored and are only decrypted when needed for query execution. This prevents sensitive parameter values from being exposed in memory dumps or through debugging tools.
Connection strings contain sensitive information such as server addresses, usernames, and passwords. The library encrypts these strings and only decrypts them when establishing connections.
The library is designed to have minimal impact on performance:
- Encryption is optimized for speed
- SQL statements are only obfuscated once, then cached
- Connection overhead is negligible
For maximum security:
- Never expose the obfuscated SQL or encrypted parameters in logs or debug output
- Store the library's encryption keys securely
- Use parameterized queries for ALL user input
- Regularly rotate encryption keys for production environments
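The "parameterized queries for ALL user input" point, as an added example (written for this README, not taken from the library or its demo): the first function shows the concatenation anti-pattern, where a legitimate name containing an apostrophe already breaks the statement because the value has become part of the SQL grammar; the second passes the same value through the page's `TSecureSQLQuery.AddParameter` so the statement text stays fixed. The `pdtString` parameter type and the placeholder connection string are assumptions; only `pdtInteger` appears on the page.

```pascal
program ParameterizedQueryDemo;

{$APPTYPE CONSOLE}

uses
  System.SysUtils,
  SecureSQLHandler;

// Anti-pattern: the value is spliced into the statement text, so any quote character in it
// changes the SQL grammar rather than staying data. Shown only to contrast with the safe form.
function BuildSQLByConcatenation(const Name: string): string;
begin
  Result := 'SELECT * FROM Customers WHERE CustomerName = ''' + Name + '''';
end;

// Safe form: the statement is a fixed string and the value travels as a bound parameter
// through the TSecureSQLQuery API shown in this README. pdtString is assumed to exist
// alongside the documented pdtInteger.
procedure PrintCustomersNamed(const ConnectionString, Name: string);
var
  SecureQuery: TSecureSQLQuery;
begin
  SecureQuery := TSecureSQLQuery.Create(ConnectionString);
  try
    SecureQuery.SQL := 'SELECT * FROM Customers WHERE CustomerName = :Name';
    SecureQuery.AddParameter('Name', Name, pdtString);
    if SecureQuery.Open then
      while not SecureQuery.Query.Eof do
      begin
        Writeln(SecureQuery.Query.FieldByName('CustomerName').AsString);
        SecureQuery.Query.Next;
      end;
  finally
    SecureQuery.Free;
  end;
end;

const
  // Constructed input: a legitimate name containing a quote is enough to break concatenation
  SampleName = 'O''Brien';
  // Placeholder connection string; substitute real values from the connection manager
  DemoConnection = 'DriverID=MSSQL;Server=<server>;Database=<db>;User_Name=<user>;Password=<pwd>;';
begin
  // The concatenated statement has an unbalanced quote and no longer means what was intended
  Writeln(BuildSQLByConcatenation(SampleName));
  // The parameterized version passes the same value as data and the statement stays intact
  PrintCustomersNamed(DemoConnection, SampleName);
end.
```

Obfuscating the statement text changes how it is stored, not how the database parses it; keeping user input in bound parameters is what keeps it from being interpreted as SQL.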
Contributions are welcome! Please feel free to submit a Pull Request.
- Fork the repository
- Create your feature branch (`git checkout -b feature/amazing-feature`)
- Commit your changes (`git commit -m 'Add some amazing feature'`)
- Push to the branch (`git push origin feature/amazing-feature`)
- Open a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
- Inspired by the need for better SQL security in Delphi applications
- Thanks to all contributors and users for their feedback and support