MySQL DB is hackable?

Harsh_Rajput · May 7, 2020, 9:28am

Hi @ShaikhSajidAli
So i had just read lots of documentation about this.
I didn’t get any clue . So how to protect url.

dhinchakblog · May 7, 2020, 11:13am

i have same problem . People using script to hack database in my people add money via referral code

Harsh_Rajput · May 7, 2020, 11:17am

Same with my case. I don’t know what should do we now?

Mika · May 7, 2020, 11:18am

Use Firebase. And use the secure google login.

dhinchakblog · May 7, 2020, 11:21am

But firebase not have data structure like MySQL and its more cheaper than firebase

Zia_Choudhary · May 7, 2020, 11:34am

furthermore we cannot run queries in firebase . can we?
But if @Kodular adds firebase firestore component then it would be possible…

ShaikhSajidAli · May 7, 2020, 11:57am

Well for me as i developing for my project i make api for mysql using jwt and slim or node.js it prevents sql injection and other attacks

dhinchakblog · May 7, 2020, 12:04pm

Would you like share some tips or tutorial. i am beginner and kodular help me lots learn how to develop app without coding

Zia_Choudhary · May 7, 2020, 12:13pm

Thats nice but if we not allow the user to run any query by his own and everything is highly programmed in kodular even then he can hack???

ShaikhSajidAli · May 7, 2020, 12:59pm

I didn’t believe on this all thing depends on your logic not kodular

George_Loungos · May 7, 2020, 1:08pm

Did you try with rooted phone or with non-rooted. I was able to sniff only with my rooted tablet.

Harsh_Rajput · May 7, 2020, 1:15pm

I was also tried in rooted phone

George_Loungos · May 7, 2020, 1:16pm

So with non-rooted phone?

Harsh_Rajput · May 7, 2020, 1:21pm

I had try but not successful.

George_Loungos · May 7, 2020, 1:28pm

So the problem is the users with rooted phones. You can use Device Utilities and forbid these users to open your app. If they can’t open your app and run the queries they will not get any response back.

Ottoman · May 7, 2020, 1:55pm

It’s Possible You Can Capture MySQL Data With Non-Rooted Phone
I Have Huawei Nova 3i Android 9.1
I Test this in my phone and it’s work. you can capture all MySQL Requests and Reponses

ShaikhSajidAli · May 7, 2020, 3:06pm

Same thing happens with browser also you can get response and request but you can’t normally hack that because query runs on server side not from client side.
Client doesn’t make any query its old time that query executed from client side now everything works mainly in server side.

Rogerio_Rios · May 7, 2020, 4:51pm

That’s exactly what I was going to quote …
I still don’t understand how they are getting into your database …
I think because I’m hungry and I haven’t had lunch yet …

Rogerio_Rios · May 7, 2020, 6:35pm

You are passing SQL commands via Kodular POST blocks, is that it?
I run them on the server.

Meghraj_Singh · May 9, 2020, 1:14am

It was a good read and finally came to proper conclusion.

Best practice is to have your queries on the server side nd use android to just make a web connection.