如果您的程序是数据的浏览器或者编辑器——比如文字处理器或者图像显示器——那么那些数据有可能来自攻击者,所以那是不可信的输入。
If your program is a viewer or editor of data—such as a word processor or an image displayer—that data might be from an attacker, so it's an untrusted input.
当在高级编辑模式下查看模型时,数据输入和输出是可见的;在基本模式下则只能看到控制流。
Data inputs and outputs are visible when the model is viewed in advanced editing mode; in basic mode only the control flow is visible.
问题在于,遗留系统并不进行数据输入编辑和检验,因此不能确保应用程序中捕捉的数据与逻辑数据模型保持一致。
The problem was that the legacy systems did not have the data entry edits and validations to ensure that the data captured in the application was consistent with the logical data models.
应用推荐