IOS, IOSQuestions, Tips&Tricks

How to prevent SQL Injection in iOS apps?

SQL Injection

Application security is a primary concern of every mobile application developer, whether the product is an iPhone, iPad or Universal app on iOS, or an Android, BlackBerry, Windows Phone or tablet app. Most vulnerability attacks on applications are due to client-side SQL injection, so methods to find and prevent client-side SQL injection should always be top of mind for iOS developers.

Let's first see what SQL Injection is.

SQL Injection is a type of security attack in which an attacker inserts malicious input (crafted data) into the SQL commands (queries) that the application executes, exploiting a security vulnerability of the application at the database layer.
SQL Injection permits an attacker to create, alter, update, read or delete the data stored in the back-end database.

When does SQL Injection occur?

SQL Injection occurs when data entered by the user is sent directly to the SQL interpreter as part of a query, without proper validation and without checking the input against a defined set of rules.

What can an attacker do with SQL Injection?

The attacker supplies crafted (malicious) data as user input in such a way that the SQL interpreter cannot distinguish between the intended data and the attacker's specially crafted data, so the crafted part is executed as part of the query.

How to prevent it?

SQL injection can be prevented by:

  • Input validation: user input is checked against a set of defined rules for length, type and syntax, and also against business rules.
  • Properly handling user input data, for example by removing special characters.
  • Using strongly typed parameterized query APIs with placeholder substitution markers.

How to prevent it in an iOS application?

When designing queries for SQLite, we have to make sure that user-supplied data is validated against predefined rules and then passed to a parameterized query rather than formatted into the SQL string. Unsafe queries can be identified by looking for the format specifier used to build the SQL text.
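As an added example (not code from the original post), the contrast described above written against the SQLite C API that iOS apps use: the unsafe function builds the query with a `%@` format specifier in `stringWithFormat:`, the safe one keeps the SQL constant with a `?` placeholder and binds the value with `sqlite3_bind_text`. The `users` table, the row `alice` and the crafted input are constructed for the demo.

```objective-c
#import <Foundation/Foundation.h>
#import <sqlite3.h>

// Runs a COUNT(*) query and returns the count, or -1 if SQLite rejects the statement.
// When bindValue is non-nil it is bound to the first '?' placeholder.
static NSInteger countRows(sqlite3 *db, const char *sql, NSString *bindValue) {
    sqlite3_stmt *stmt = NULL;
    if (sqlite3_prepare_v2(db, sql, -1, &stmt, NULL) != SQLITE_OK) return -1;
    if (bindValue != nil) {
        // SQLITE_TRANSIENT makes SQLite copy the bytes, so the NSString may go away afterwards.
        sqlite3_bind_text(stmt, 1, [bindValue UTF8String], -1, SQLITE_TRANSIENT);
    }
    NSInteger count = -1;
    if (sqlite3_step(stmt) == SQLITE_ROW) count = sqlite3_column_int(stmt, 0);
    sqlite3_finalize(stmt);
    return count;
}

// UNSAFE: the %@ specifier splices the user's text into the SQL itself, so the
// interpreter cannot tell where the data ends and the query resumes. This is the
// pattern to look for in code review; stripping characters is no substitute for binding.
static NSInteger unsafeUserCount(sqlite3 *db, NSString *username) {
    NSString *sql = [NSString stringWithFormat:
        @"SELECT COUNT(*) FROM users WHERE name = '%@'", username];
    return countRows(db, [sql UTF8String], nil);
}

// SAFE: the SQL text is a constant with a '?' placeholder; the user's text is bound
// as a parameter and is only ever compared as a single string value.
static NSInteger safeUserCount(sqlite3 *db, NSString *username) {
    return countRows(db, "SELECT COUNT(*) FROM users WHERE name = ?", username);
}

int main(void) {
    @autoreleasepool {
        sqlite3 *db = NULL;
        sqlite3_open(":memory:", &db);   // constructed in-memory table for the demo
        sqlite3_exec(db, "CREATE TABLE users(name TEXT); INSERT INTO users VALUES('alice');",
                     NULL, NULL, NULL);

        NSString *crafted = @"nobody' OR 'a'='a";   // constructed test input
        // Unsafe: the OR clause becomes part of the query and matches every row.
        NSLog(@"unsafe count: %ld", (long)unsafeUserCount(db, crafted));
        // Safe: the whole string is compared as one name, which no row has.
        NSLog(@"safe count:   %ld", (long)safeUserCount(db, crafted));
        sqlite3_close(db);
    }
    return 0;
}
```

Build on macOS with `clang -framework Foundation -lsqlite3 demo.m -o demo`; the same two functions drop into an iOS project unchanged.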

Written by Ranjan - October 7, 2013 - 5150 Views
Tags | Android, Application Security, SQL