This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Talk:Injection Theory

Jump to: navigation, search

I was suprised to find the wikipedia definition of data flow to be substanially different than the one I commonly hear used in programming circles.

Data Flow:

(See [ Wikipedia message passing]

"Message passing is the paradigm of communication where messages are sent from a sender to one or more recipients. Forms of messages include (remote) method invocation, signals, and data packets. When designing a message passing system several choices are made:"

So from the above definition.

Modern web based programming tends to take a lazy approach to messaging in that the raw message is generally passed from the http layer as far as possible. In part this is because different parts of the application act on different messages and in order to maintain the stateless communication model of the web each message must contain enough context to complete the entire transaction.