Injection: Difference between revisions
From Rice Wiki
No edit summary
(One intermediate revision by the same user not shown) | |||
Line 2: | Line 2: | ||
An '''injection''' refers to flaws that come from data and control being sent on the same channel, allowing users to send malicious control signals that are unwittingly processed. | An '''injection''' refers to flaws that come from data and control being sent on the same channel, allowing users to send malicious control signals that are unwittingly processed. | ||
= Defense = | |||
The most robust/general solution is to separate data and control. | |||
= Examples = | = Examples = | ||
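Review bot: the new Defense section consists of one sentence, "The most robust/general solution is to separate data and control", which states the principle without saying what separation looks like for any of the cases listed under Examples. Consider adding a sentence that names a concrete mechanism, or pointing to the per-example pages for the specific defenses. "robust/general" would also read better as "robust and general".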
Line 7: | Line 10: | ||
* [[SQL injectoin]] | * [[SQL injectoin]] | ||
* [[Phone injection]] | * [[Phone injection]] | ||
* [[Command injection]] | |||
* [[Cross-site scripting]] |
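Review bot: the unchanged first entry of this list, "[[SQL injectoin]]", is misspelled, and this revision adds two entries below it without correcting it. Change it to "[[SQL injection]]" and check that the link target resolves to the intended page.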
Latest revision as of 20:34, 23 May 2024
An injection is a flaw that arises when data and control are sent on the same channel, allowing users to send malicious control signals that the system unwittingly processes.
Defense
The most robust and general solution is to separate data and control.
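The following is an added example, not part of the original wiki page. It contrasts an in-band SQL lookup, where user data is spliced into the query text, with one that keeps the query text (control) and the value (data) separate through parameter binding. The table, names and values are constructed for the example.

```python
import sqlite3

def make_db():
    # Constructed sample data, in memory only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "a-secret"), ("bob", "b-secret"), ("o'brien", "c-secret")],
    )
    return db

def lookup_in_band(db, name):
    # Deliberately flawed: the value is concatenated into the SQL text,
    # so data and control travel on the same channel and the parser
    # cannot tell which characters came from the user.
    query = "SELECT secret FROM users WHERE name = '" + name + "'"
    return sorted(row[0] for row in db.execute(query))

def lookup_separated(db, name):
    # Control is the fixed query text; data is passed out of band as a
    # bound parameter and is never parsed as SQL.
    query = "SELECT secret FROM users WHERE name = ?"
    return sorted(row[0] for row in db.execute(query, (name,)))

# Constructed input containing SQL syntax.
HOSTILE = "nobody' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("in-band, hostile:  ", lookup_in_band(db, HOSTILE))
    print("separated, hostile:", lookup_separated(db, HOSTILE))
    # Benign data with a quote also breaks the in-band version.
    try:
        lookup_in_band(db, "o'brien")
    except sqlite3.OperationalError as exc:
        print("in-band, o'brien:   error:", exc)
    print("separated, o'brien:", lookup_separated(db, "o'brien"))
```

The in-band lookup returns every row for the hostile input and fails outright on a legitimate name containing an apostrophe, while the separated lookup treats both strings purely as values.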