> where does this end?

It never does, because abstractly speaking, there is no such thing as a secure computing system. This goes double for any computer that is switched on.

Practically speaking, it depends on how critical your application might be. If you're storing values for neurosurgery or automated dispersal of life-saving (or potentially life-ending) medication, you'd better be sanitizing on the way in, validating on the way out, and have some additional layers like audits and comparisons to known good values at rest. Look into defense in depth, and never trust the computer to make a decision, because the computer cannot be held accountable.

If you're storing quiz results for someone's favourite colour, or it's not internet connected, you can probably be a bit less paranoid about it.

> Can everything be an injection attack?

But yeah, anything and everything could be an injection attack if the attacker is determined enough. It's just a matter of how difficult you want to make it for them.
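The layering the comment describes (sanitize on the way in, validate on the way out, keep an integrity check and an audit trail for values at rest) is small enough to show end to end. The following is an added example, not code from the comment or from any real system: a toy dose store with constructed drug names, dose limits and integrity key. The HMAC tag stands in for the "comparison to known good values at rest", so a value altered outside the API (a direct edit to the backing store, for instance) is detected on read rather than silently trusted.

```python
import hashlib
import hmac
import json
import math

# Constructed for this example; a real deployment would load this from a secret manager.
INTEGRITY_KEY = b"example-integrity-key-not-a-real-secret"

# Constructed known-good bounds (mg). Both ingress and egress checks consult them.
DOSE_LIMITS_MG = {"acetaminophen": (0.0, 1000.0), "morphine": (0.0, 30.0)}


class ValidationError(ValueError):
    """Raised when a value fails an ingress, egress, or integrity check."""


def validate_dose(drug, dose_mg):
    """Reject anything that is not a finite number within the known-good range.

    Used on the way in (before storing) and again on the way out (before the
    value reaches anything that acts on it), so a corrupted or tampered row
    still has to pass the same rule a fresh input would.
    """
    if not isinstance(drug, str) or drug not in DOSE_LIMITS_MG:
        raise ValidationError(f"unknown drug: {drug!r}")
    # bool is a subclass of int in Python; exclude it explicitly.
    if isinstance(dose_mg, bool) or not isinstance(dose_mg, (int, float)):
        raise ValidationError("dose must be numeric")
    if not math.isfinite(dose_mg):
        raise ValidationError("dose must be finite")
    lo, hi = DOSE_LIMITS_MG[drug]
    if not lo <= dose_mg <= hi:
        raise ValidationError(f"dose {dose_mg} mg outside [{lo}, {hi}] for {drug}")
    return float(dose_mg)


def integrity_tag(record):
    """HMAC over a canonical JSON encoding, so field order cannot change the tag."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(INTEGRITY_KEY, canonical, hashlib.sha256).hexdigest()


class DoseStore:
    def __init__(self):
        self._rows = {}   # (patient, drug) -> {"record": ..., "tag": ...}
        self.audit = []   # append-only list of (event, ...) tuples

    def write(self, patient_id, drug, dose_mg):
        dose = validate_dose(drug, dose_mg)                  # sanitize on the way in
        record = {"patient": patient_id, "drug": drug, "dose_mg": dose}
        self._rows[(patient_id, drug)] = {"record": record, "tag": integrity_tag(record)}
        self.audit.append(("write", patient_id, drug, dose))
        return dose

    def read(self, patient_id, drug):
        row = self._rows[(patient_id, drug)]
        record = row["record"]
        # Compare against the known-good tag computed at write time.
        if not hmac.compare_digest(row["tag"], integrity_tag(record)):
            self.audit.append(("tamper_detected", patient_id, drug))
            raise ValidationError("integrity check failed")
        dose = validate_dose(record["drug"], record["dose_mg"])  # validate on the way out
        self.audit.append(("read", patient_id, drug, dose))
        return dose

    def _corrupt_at_rest(self, patient_id, drug, dose_mg):
        """Test hook only: simulates a change made behind the API's back."""
        self._rows[(patient_id, drug)]["record"]["dose_mg"] = dose_mg


def demo():
    """Exercise all three layers and return what each one did."""
    store = DoseStore()
    result = {"stored": store.write("p-001", "acetaminophen", 500)}
    result["read_back"] = store.read("p-001", "acetaminophen")
    try:
        store.write("p-001", "morphine", 5000)
        result["ingress_rejected"] = False
    except ValidationError:
        result["ingress_rejected"] = True
    store._corrupt_at_rest("p-001", "acetaminophen", 5000)
    try:
        store.read("p-001", "acetaminophen")
        result["tamper_detected"] = False
    except ValidationError:
        result["tamper_detected"] = True
    result["audit_events"] = [e[0] for e in store.audit]
    return result


if __name__ == "__main__":
    print(demo())
```

The point of running the same `validate_dose` on the way out is that it holds regardless of how the row got there; the HMAC catches changes to a value that would otherwise still look plausible. Neither layer alone covers both failure modes, which is the defence-in-depth argument the comment makes.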
