Power Apps - Connector Development

SQL Injection: Preventing Sensitive Data Exposure in PowerApps - Masking Headers: x-ms-request-url

Posted on 12 Nov 2024 09:59:07 by 26
I’m working on securing PowerApps connections to SQL databases but noticed sensitive information like x-ms-request-url could potentially be exposed, raising concerns about SQL injection risks. While PowerApps is known for its security, I believe there must be a way to prevent these headers from being exposed. Has anyone used Azure API Management (APIM) or Content Security Policy (CSP) for masking headers or preventing potential vulnerabilities? Any suggestions or best practices would be greatly appreciated!

  • Suggested answer
    SaiRT14 984 on 27 Nov 2024 at 17:17:27
    Here are the best practices:
    • APIM acts as a gateway between your PowerApps and SQL databases, enabling you to control, mask, or block sensitive headers.
    • Ensure that SQL queries in PowerApps, especially in custom connectors or flows, use parameterized queries:
    • Instead of storing connection credentials, use Azure Managed Identity to authenticate PowerApps with SQL databases.
    • Ensure SQL endpoints are only accessible from trusted IP ranges or services like APIM.
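
The parameterized-query recommendation in the answer above, shown as an added example (not part of the reply and not Power Apps connector code): a hypothetical backend reads a `region` filter from the request URL and queries a constructed in-memory SQLite table, once by string concatenation and once with a bound parameter. The table, URLs and function names are assumptions made for the illustration.

```python
import sqlite3
from urllib.parse import urlsplit, parse_qs

# Constructed sample URLs (hypothetical host and parameter name).
NORMAL_URL = "https://api.example.invalid/customers?region=EU"
TAMPERED_URL = "https://api.example.invalid/customers?region=EU%27%20OR%20%271%27%3D%271"

def make_db():
    """Build a constructed in-memory table standing in for the SQL backend."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER, name TEXT, region TEXT)")
    db.executemany(
        "INSERT INTO customers VALUES (?, ?, ?)",
        [(1, "Contoso", "EU"), (2, "Fabrikam", "US"), (3, "Northwind", "US")],
    )
    return db

def region_from_url(request_url):
    """Extract the caller-controlled 'region' value from the request URL."""
    return parse_qs(urlsplit(request_url).query).get("region", [""])[0]

def lookup_concatenated(db, request_url):
    # Weak form: the URL value is spliced into the SQL text, so a quote in
    # the value changes the structure of the statement.
    region = region_from_url(request_url)
    sql = "SELECT name FROM customers WHERE region = '" + region + "' ORDER BY id"
    return [row[0] for row in db.execute(sql)]

def lookup_parameterized(db, request_url):
    # Hardened form: the value is bound as data and is never parsed as SQL,
    # whether or not the request URL is visible to the caller.
    region = region_from_url(request_url)
    sql = "SELECT name FROM customers WHERE region = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (region,))]

if __name__ == "__main__":
    db = make_db()
    for label, url in (("normal", NORMAL_URL), ("tampered", TAMPERED_URL)):
        print(label, "concatenated: ", lookup_concatenated(db, url))
        print(label, "parameterized:", lookup_parameterized(db, url))
```

With the tampered URL the concatenated query returns every row, while the parameterized query returns none because the whole value is compared as a literal region name.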
     
     
