This document describes the ViziApps Authentication Process for Mobile App Access to SQL Databases.
The authentication process for mobile app access to SQL databases relies on access tokens that are reset with each mobile app session. A mobile app session starts when the app is opened on the device and ends when there is an activity timeout. A special login request, made with the credentials that users enter in the app, returns the session access token used for all subsequent app SQL queries during the app session. The special login request is protected against SQL injection attacks on the server side, and the one-time access token per app session, which is required for standard SQL queries, prevents various other attacks.
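
The flow described above, sketched as an added example that is not ViziApps code: a login that binds the user-supplied name as a query parameter, a fresh random token per session, and a token check with an idle timeout on every standard query. The table names, the 900-second timeout, the PBKDF2 password hashing and all function names are assumptions made for illustration.

```python
import hashlib, hmac, secrets, sqlite3, time

IDLE_TIMEOUT = 900  # assumed inactivity timeout in seconds (not from the page)
_sessions = {}      # sha256(token) -> [user, last_activity]; raw tokens are not stored

def _hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db():
    """Constructed sample database: one user and one data table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw BLOB)")
    db.execute("CREATE TABLE orders (owner TEXT, item TEXT)")
    salt = secrets.token_bytes(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               ("alice", salt, _hash_pw("s3cret", salt)))
    db.execute("INSERT INTO orders VALUES ('alice', 'widget')")
    return db

def login(db, name, password, now=None):
    """Special login request: returns a fresh session token, or None on failure."""
    now = time.time() if now is None else now
    # Bound parameter: the user-supplied name is never spliced into the SQL text.
    row = db.execute("SELECT salt, pw FROM users WHERE name = ?", (name,)).fetchone()
    if row is None or not hmac.compare_digest(row[1], _hash_pw(password, row[0])):
        return None
    token = secrets.token_urlsafe(32)  # new unpredictable token for each session
    _sessions[hashlib.sha256(token.encode()).hexdigest()] = [name, now]
    return token

def query_orders(db, token, now=None):
    """Standard query: rejected unless the token is known and not idle-expired."""
    now = time.time() if now is None else now
    key = hashlib.sha256(token.encode()).hexdigest()
    session = _sessions.get(key)
    if session is None:
        raise PermissionError("unknown token")
    if now - session[1] > IDLE_TIMEOUT:
        del _sessions[key]  # session ended by the activity timeout
        raise PermissionError("session timed out")
    session[1] = now  # activity resets the idle timer
    # The row filter comes from the session's user, not from client input.
    return db.execute("SELECT item FROM orders WHERE owner = ?",
                      (session[0],)).fetchall()
```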