Explain the meaning of the same-origin policy in the creation of trustworthy systems.

What will be an ideal response?


For networking APIs, the same-origin policy distinguishes between sending and receiving information. Broadly, one origin is permitted to send information to another origin, but one origin is not permitted to receive information from another origin. The prohibition on receiving information is intended to prevent malicious web sites from reading confidential information from other web sites, but also prevents web content from legitimately reading information offered by other web sites. Under the same-origin policy, cross-site sending of information is also dangerous since it enables attacks such as cross-site request forgery (CSRF) and clickjacking. The same-origin policy cannot address these security vulnerabilities in the same way it does those around receiving of information since prohibiting cross-site sending of information would prohibit cross-site hyperlinks.
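The distinction the answer draws (sending allowed, receiving blocked, and CSRF left uncovered) can be made concrete with a small model of the browser's decision and the server-side check a site needs as a result. This is an added example, not part of the original answer; `trustedOrigins` and the plain `headers` object are assumptions for illustration.

```javascript
// Added example (not from the original answer): a model of the browser's
// same-origin decision for networking APIs, plus the server-side check a
// site needs because the policy lets cross-origin sends through.

// An origin is the (scheme, host, port) tuple of a URL; URL.origin
// normalises it, so a default port (443 for https) compares equal to none.
function sameOrigin(urlA, urlB) {
  return new URL(urlA).origin === new URL(urlB).origin;
}

// Model of the policy for a script running at `pageUrl` that issues a
// request to `targetUrl`: the request may always be sent (a hyperlink or
// form submission works cross-site), but the response body may only be
// read when the two origins match.
function sopDecision(pageUrl, targetUrl) {
  const same = sameOrigin(pageUrl, targetUrl);
  return {
    sendAllowed: true,
    readAllowed: same,
  };
}

// Because cross-origin sends are allowed, the same-origin policy does not
// stop a forged state-changing request (CSRF). One server-side defence is
// to compare the Origin request header against the set of origins the
// server trusts; `trustedOrigins` is an assumed configuration value and
// `headers` is an assumed plain object of lower-cased header names.
function isTrustedStateChange(headers, trustedOrigins) {
  const origin = headers.origin;
  if (!origin) return false; // no Origin header: refuse rather than guess
  return trustedOrigins.includes(new URL(origin).origin);
}

// Constructed sample inputs for a stand-alone run.
console.log(sopDecision('https://app.example/page', 'https://api.other.example/data'));
console.log(isTrustedStateChange({ origin: 'https://app.example' }, ['https://app.example']));
```

The `sopDecision` model shows why the policy is asymmetric: blocking the send would break ordinary cross-site links and forms, so the browser only withholds the response. The `isTrustedStateChange` check is the complementary control the answer implies a server needs, since it, not the browser, must decide whether a cross-site send is acceptable.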

Computer Science & Information Technology
