Network Injection
It is usually considered the bigger risk :
- Access by many, unknown users.
- Network is a gateway, crossing physical boundaries.
- Risk in privileged servers (setuid, etc.)
Local Injections
- Local users can only deny access to themselves
- Desktop apps run as a plain user, risking their own data. However, this trust assumption can be wrong :
- Drive-by exploits attack locally (or use escalation).
- Growing concerns over insider threats.