Hi @ShaikhSajidAli
So I had just read lots of documentation about this.
I didn’t get any clue. So how to protect the URL?
I have the same problem. People are using a script to hack the database in my people add money via referral code.
Same with my case. I don’t know what we should do now.
Use Firebase. And use the secure Google login.
But Firebase does not have a data structure like MySQL, and it’s cheaper than Firebase.
Furthermore, we cannot run queries in Firebase. Can we?
But if @Kodular adds a Firebase Firestore component then it would be possible…
Well, for me, as I am developing my project, I make an API for MySQL using JWT and Slim or Node.js; it prevents SQL injection and other attacks.
Would you like to share some tips or a tutorial? I am a beginner, and Kodular helps me a lot to learn how to develop apps without coding.
That’s nice, but if we do not allow the user to run any query on his own and everything is highly programmed in Kodular, even then he can hack???
I didn’t believe in this; it all depends on your logic, not Kodular.
Did you try with a rooted phone or with a non-rooted one? I was able to sniff only with my rooted tablet.
I also tried on a rooted phone.
So, with a non-rooted phone?
I tried but was not successful.
So the problem is the users with rooted phones. You can use Device Utilities and forbid these users to open your app. If they can’t open your app and run the queries they will not get any response back.
It’s possible; you can capture MySQL data with a non-rooted phone.
I have a Huawei Nova 3i, Android 9.1.
I tested this on my phone and it works. You can capture all MySQL requests and responses.
The same thing happens with a browser also: you can get the response and request, but you can’t normally hack that because the query runs on the server side, not from the client side.
The client doesn’t make any query; it’s old times that queries executed from the client side. Now everything works mainly on the server side.
That’s exactly what I was going to quote …
I still don’t understand how they are getting into your database …
I think because I’m hungry and I haven’t had lunch yet …
You are passing SQL commands via Kodular POST blocks, is that it?
I run them on the server.
It was a good read and finally came to a proper conclusion.
Best practice is to have your queries on the server side and use Android to just make a web connection.
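
The approach the last post recommends, as an added example that is not part of the original thread: the app sends only an action name and plain values, while the server holds the SQL, binds values as parameters, and takes the user id from the authenticated session. The table names, action names and the `buildStatement`/`handle` helpers are assumptions for illustration.

```javascript
// Added example; table, column and action names are hypothetical.
// The app sends only an action name plus plain values. SQL text never leaves the server.
const ACTIONS = {
  get_balance: {
    sql: 'SELECT balance FROM wallets WHERE user_id = ?',
    bind: (userId) => [userId],
  },
  redeem_referral: {
    // Assumes a UNIQUE(user_id) constraint so a replayed request fails in the database.
    sql: 'INSERT INTO referral_redemptions (user_id, code) VALUES (?, ?)',
    bind: (userId, body) => {
      if (typeof body.code !== 'string' || !/^[A-Z0-9]{6,12}$/.test(body.code)) {
        throw new Error('invalid referral code');
      }
      return [userId, body.code];
    },
  },
};

// authUserId must come from a verified session or JWT, never from the request body.
function buildStatement(authUserId, body) {
  if (!Number.isInteger(authUserId)) throw new Error('not authenticated');
  if (!body || !Object.prototype.hasOwnProperty.call(ACTIONS, body.action)) {
    throw new Error('unknown action');
  }
  const action = ACTIONS[body.action];
  // Values travel separately from the SQL text, as placeholders for a prepared statement.
  return { sql: action.sql, params: action.bind(authUserId, body) };
}

// Maps a request to an HTTP-style result without echoing internal errors.
function handle(authUserId, body) {
  try {
    return { status: 200, statement: buildStatement(authUserId, body) };
  } catch (err) {
    return { status: err.message === 'not authenticated' ? 401 : 400 };
  }
}

// Constructed sample requests, as a sniffing client could replay or alter them.
const samples = [
  { action: 'redeem_referral', code: 'ABC123', user_id: 99, amount: 5000 },
  { action: 'redeem_referral', code: "X' OR '1'='1" },
  { action: 'UPDATE wallets SET balance = 99999' },
];
for (const s of samples) console.log(JSON.stringify(handle(7, s)));
```

The extra `user_id` and `amount` fields in the first sample are ignored because no statement reads them, so a captured request that is edited and replayed cannot choose whose wallet is touched or how much is credited.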