Security Considerations When Developing Mobile Applications
Dynamics Mobile 1.5
This topic discusses security issues that you should consider when developing a mobile application.
SQL Injection
A tasklet or service can use the Microsoft.Dynamics.Mobile.Framework.DataAccess.dll assembly to execute SQL queries against Microsoft SQL Server 2008 Compact Edition. This presents a security risk because it exposes your mobile application to SQL injection. Using SQL injection, a consumer can alter the behavior of SQL statements and make the mobile application behave differently than you intended.
To avoid exposing your mobile application to SQL injection attacks, use parameterized SQL. More information on this topic can be found on MSDN; see, for instance, SQL Injections in the Microsoft SQL 2008 documentation.
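The following side-by-side illustration of that advice is an added example, not code from the Dynamics Mobile documentation. It assumes direct use of the System.Data.SqlServerCe ADO.NET provider rather than the Dynamics Mobile DataAccess assembly, and the Customers table, Name column and database path are hypothetical.

```csharp
// Added example: table, column and file names are hypothetical.
using System.Collections.Generic;
using System.Data;
using System.Data.SqlServerCe;

public static class CustomerQueries
{
    // Hypothetical path to the SQL Server Compact database on the device.
    private const string ConnectionString = @"Data Source=\My Documents\app.sdf";

    // VULNERABLE: the input becomes part of the statement text, so a value
    // containing a quote (for example  x' OR '1'='1 ) changes the query itself.
    public static List<string> FindByNameUnsafe(string name)
    {
        string sql = "SELECT Name FROM Customers WHERE Name = '" + name + "'";
        return Run(sql, null);
    }

    // HARDENED: the statement text is a constant; the input travels separately
    // as a parameter value and is only ever compared as data.
    public static List<string> FindByNameSafe(string name)
    {
        const string sql = "SELECT Name FROM Customers WHERE Name = @name";
        return Run(sql, name);
    }

    private static List<string> Run(string sql, string nameParam)
    {
        List<string> results = new List<string>();
        using (SqlCeConnection conn = new SqlCeConnection(ConnectionString))
        using (SqlCeCommand cmd = new SqlCeCommand(sql, conn))
        {
            if (nameParam != null)
            {
                // Typed, sized parameter bound to the @name placeholder.
                cmd.Parameters.Add("@name", SqlDbType.NVarChar, 100).Value = nameParam;
            }
            conn.Open();
            using (SqlCeDataReader reader = cmd.ExecuteReader())
            {
                while (reader.Read())
                {
                    results.Add(reader.GetString(0));
                }
            }
        }
        return results;
    }
}
```

With the parameterized form, an input such as `x' OR '1'='1` matches only a customer whose name is literally that string, so the query returns no unintended rows.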