Deutsch
•
Français
•
Nederlands
•
Español
•
Italiano
•
Português
•
Русский
•
日本語
•
中文
•
한국어
•
हिन्दी
•
తెలుగు
•
मराठी
•
தமிழ்
•
Türkçe
•
Ελληνικά
•
Polski
•
Čeština
•
Magyar
•
Svenska
•
Dansk
•
Suomi
•
Українська
•
العربية
•
Indonesia
Eval Injection Attack
An eval injection attack occurs when someone uses a program’s ability to evaluate code as a way to insert harmful code into the program.
Think of it like a spy trying to sneak into a building by pretending to be a delivery person. The program trusts the code that is being evaluated, just like the building trusts the delivery person.
But instead of delivering something good, the spy is delivering something harmful. In the case of an eval injection attack, the attacker is delivering code that can do things like steal data or take over the program.
So, it’s important to be careful when writing programs that can evaluate code, and to make sure that any input from outside sources is checked for malicious code before being evaluated.