Security in AI-SQL-Chat

Last updated:

This document describes the technical and organizational security measures implemented in AI-SQL-Chat. We focus on minimal data usage, secure-by-design SQL guardrails, and multi-layer protection (defense-in-depth).

1) Data and Privacy

  • By default, query results are not stored permanently; data is processed in memory only for the duration of execution.
  • Technical logs are minimal (statuses, metrics, error signatures) — without user data whenever possible.
  • See the Privacy Policy for GDPR-related information.

2) Encryption and Secrets

  • Full HTTPS/TLS on the entire path (including Oracle Cloud load balancer).
  • Secrets (API keys, passwords) are stored in environment variables or a secrets manager — never in the repository.

3) Threat Model (Summary)

  • SQL injections and payloads attempting to bypass validation.
  • Excessive load (DoS/DDoS, brute-forcing endpoints).
  • Unauthorized access to static files or uploaded schema files.
  • Browser-level attacks (XSS/CSRF), header manipulation.
  • Data leakage through logs, misconfigured CORS, or overly broad permissions.

4) Design Principles

  • Single-SELECT only. Only one SELECT statement is generated and allowed.
  • Data minimization. No permanent result storage; temporary data lives only in process memory.
  • Secure defaults. Hard limits, blacklist patterns, payload size limits.

5) SQL Protection (Middleware)

The model output and the user's input are validated by syntactic and semantic filters:

// pseudocode (Node/Express)
const banned = /\b(INSERT|UPDATE|DELETE|DROP|TRUNCATE|ALTER|CREATE|RENAME|MERGE|CALL|EXEC|OUTFILE|INFILE|SLEEP|BENCHMARK)\b/i;

function enforceSQL(req, res, next){
  let sql = String(req.body.sql || req.body.question || '');
  if(!/^\\s*SELECT\\b/i.test(sql)) return res.status(400).json({error:'SELECT only'});
  if(banned.test(sql))            return res.status(400).json({error:'Forbidden clause'});
  if(!/\\bLIMIT\\b/i.test(sql))   sql = sql.replace(/;?\\s*$/, ' LIMIT 1000;');

  // optional schema-based whitelist using uploaded JSON
  req.sql = sql;
  next();
}

6) Limits and Protections

  • Rate-limit & slowdown: per-IP limits and soft delays under abuse patterns.
  • toobusy-like: instant 503 when event loop lag is high.
  • Body-size limit: strict payload limits; rejection of unusual MIME types.

7) Security HTTP Headers

The reverse proxy (e.g., Nginx) sets strong headers:

add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Permissions-Policy "geolocation=(), microphone=(), camera=()" always;

# Basic CSP (adjust for your domains/CDNs):
add_header Content-Security-Policy "
  default-src 'self';
  img-src 'self' data:;
  style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;
  font-src https://fonts.gstatic.com 'self';
  script-src 'self';
  connect-src 'self';
" always;

8) CORS and Static Files

  • CORS: strict origin whitelist, no * for authenticated requests.
  • Static files: directory listing disabled; sensitive files (.env, .key, hidden files) blocked.

9) Availability and Backups

  • Automatic process restarts (PM2/systemd), health checks.
  • Backups of configuration and deployment artefacts; user schemas kept according to retention policy.

10) Vulnerability Disclosure (Responsible Disclosure)

If you find a vulnerability, please email podkowa71@gmail.com with the subject [SECURITY]. Include reproduction steps, scope, and impact. We respond promptly, usually within 7 days. Please avoid public PoCs until a fix is deployed.

11) Incident Response

  1. Detection and triage (logs, metrics, alerts).
  2. Containment (rate-limit spikes, block offending origins, disable affected features).
  3. Root cause analysis, patching, verification.
  4. User notification if the incident may have impacted them.

12) On-Prem / VPC Deployment

For business clients we offer on-prem/VPC deployment consulting (network segmentation, key rotation, centralized logging, extra CSP rules, SCA/DAST scanning). Contact: podkowa71@gmail.com.

13) Example Nginx Configuration (Static Files)

location / {
  try_files $uri $uri/ =404;
}

location ~* \\.(env|key|pem|log|bak)$ {
  deny all;
}

autoindex off;
client_max_body_size 512k;

14) Document Changes

This document may be updated as the service evolves. A change log is available upon request.