
How to prevent SQL Injection in iOS apps?

SQL Injection

Application security is a primary concern of every mobile application developer, whether the product is an iPhone app, iPad app, universal iOS app, Android app, BlackBerry app, Windows Phone app or tablet app. Most vulnerability attacks are due to client-side SQL injection in applications, so methods to find and prevent client-side SQL injection should always be top of mind for iOS developers.

First, what is SQL injection?

SQL injection is a type of security attack in which an attacker inserts malicious code (crafted data) into database SQL commands (SQL queries) that the application executes, exploiting a security vulnerability of the application at the database layer.
SQL injection permits an attacker to create, alter, update, read or delete the data stored in the back-end database.

When does SQL injection occur?

SQL injection occurs when data entered by the user is sent directly to the SQL interpreter as part of a SQL query, without proper validation and without authenticating the user against a set of rules.

What can an attacker do with SQL injection?

The attacker supplies crafted (malicious) data as user input in such a manner that the SQL interpreter cannot distinguish between the intended data and the attacker's specially crafted data.

How to prevent it?

SQL injection can be prevented by using an input validation technique in which user input is authenticated against a set of defined rules for length, type and syntax, and also against business rules.
Handle user input data properly, for example by removing special characters.
Use strongly typed parameterized query APIs with placeholder substitution markers.

How to prevent it in an iOS application?

When designing queries for SQLite, we have to be sure that user-supplied data is validated against some predefined rules and is passed to a parameterized query. Whether this is done can be identified by looking for the format specifier used.
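An added example, not code from the original post: the same SQLite lookup written once with the query text built through a format specifier and once with a `?` placeholder bound to a length-checked value. The `users` table, the function names, the 32-character limit and the sample input are assumptions made for this illustration.

```objective-c
#import <Foundation/Foundation.h>
#import <sqlite3.h>

// Vulnerable pattern: the %@ format specifier pastes user input into the
// SQL text, so SQLite parses the input as part of the statement.
static int countUnsafe(sqlite3 *db, NSString *name) {
    NSString *sql = [NSString stringWithFormat:
        @"SELECT COUNT(*) FROM users WHERE name = '%@'", name];
    sqlite3_stmt *stmt = NULL;
    int count = -1;  // -1 means the query was rejected or failed
    if (sqlite3_prepare_v2(db, sql.UTF8String, -1, &stmt, NULL) == SQLITE_OK &&
        sqlite3_step(stmt) == SQLITE_ROW) {
        count = sqlite3_column_int(stmt, 0);
    }
    sqlite3_finalize(stmt);
    return count;
}

// Hardened pattern: the SQL text is a constant with a ? placeholder and the
// input is bound as a value, so it can never change the statement.
static int countSafe(sqlite3 *db, NSString *name) {
    if (name.length == 0 || name.length > 32) return -1;  // assumed length rule
    const char *sql = "SELECT COUNT(*) FROM users WHERE name = ?";
    sqlite3_stmt *stmt = NULL;
    int count = -1;
    if (sqlite3_prepare_v2(db, sql, -1, &stmt, NULL) == SQLITE_OK &&
        sqlite3_bind_text(stmt, 1, name.UTF8String, -1,
                          SQLITE_TRANSIENT) == SQLITE_OK &&
        sqlite3_step(stmt) == SQLITE_ROW) {
        count = sqlite3_column_int(stmt, 0);
    }
    sqlite3_finalize(stmt);
    return count;
}

int main(void) {
    @autoreleasepool {
        sqlite3 *db = NULL;
        if (sqlite3_open(":memory:", &db) != SQLITE_OK) return 1;
        sqlite3_exec(db, "CREATE TABLE users(name TEXT);"
                         "INSERT INTO users VALUES('alice');"
                         "INSERT INTO users VALUES('bob');", NULL, NULL, NULL);
        NSString *crafted = @"x' OR '1'='1";  // constructed sample input
        NSLog(@"unsafe, crafted input: %d rows", countUnsafe(db, crafted));
        NSLog(@"safe, crafted input: %d rows", countSafe(db, crafted));
        sqlite3_close(db);
    }
    return 0;
}
```

In a code review, a `%@` or `%s` specifier inside a SQL string is the pattern to flag; a `?` marker paired with a `sqlite3_bind_*` call is the pattern to expect.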

Written by Ranjan - 4423 Views
Tags | Android, Application Security, SQL
AUTHOR
Ranjan

Namaste, my name is Ranjan. I am a graduate of NIT Rourkela. This website is basically about what I learnt from my years of experience as a software engineer in software development, specifically mobile application development, design patterns/architectures, its changing scenarios, security, troubleshooting, tools, tips & tricks and much more.
