翻訳と辞書 |
Same-origin policy : ウィキペディア英語版 | In computing, the same-origin policy is an important concept in the web application security model. Under the policy, a web browser permits scripts contained in a first web page to access data in a second web page, but only if both web pages have the same ''origin''. An origin is defined as a combination of URI scheme, hostname, and port number.(Same Origin Policy - Web Security ). W3.org. Retrieved on 2013-08-20. This policy prevents a malicious script on one page from obtaining access to sensitive data on another web page through that page's Document Object Model.This mechanism bears a particular significance for modern web applications that extensively depend on HTTP cookies to maintain authenticated user sessions, as servers act based on the HTTP cookie information to reveal sensitive information or take state-changing actions. A strict separation between content provided by unrelated sites must be maintained on the client-side to prevent the loss of data confidentiality or integrity.== History ==The concept of same-origin policy dates back to Netscape Navigator 2 in 1995. All modern browsers implement some form of the Same-Origin Policy as it is an important security cornerstone.(【引用サイトリンク】url=http://code.google.com/p/browsersec/wiki/Part2 In computing, the same-origin policy is an important concept in the web application security model. Under the policy, a web browser permits scripts contained in a first web page to access data in a second web page, but only if both web pages have the same ''origin''. An origin is defined as a combination of URI scheme, hostname, and port number.〔(Same Origin Policy - Web Security ). W3.org. Retrieved on 2013-08-20.〕 This policy prevents a malicious script on one page from obtaining access to sensitive data on another web page through that page's Document Object Model. This mechanism bears a particular significance for modern web applications that extensively depend on HTTP cookies to maintain authenticated user sessions, as servers act based on the HTTP cookie information to reveal sensitive information or take state-changing actions. A strict separation between content provided by unrelated sites must be maintained on the client-side to prevent the loss of data confidentiality or integrity. == History ==
The concept of same-origin policy dates back to Netscape Navigator 2 in 1995. All modern browsers implement some form of the Same-Origin Policy as it is an important security cornerstone.〔(【引用サイトリンク】url=http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy )〕 The policies are not required to match an exact specification 〔(【引用サイトリンク】url=http://www.w3.org/Security/wiki/Same_Origin_Policy )〕 but are often extended to define roughly compatible security boundaries for other web technologies, such as Microsoft Silverlight, Adobe Flash, or Adobe Acrobat, or for mechanisms other than direct DOM manipulation, such as XMLHttpRequest. In the absence of a same-origin-policy, it is possible for any attacker to include script on a web page that will redirect the user to some malicious web site.
抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「In computing, the same-origin policy is an important concept in the web application security model. Under the policy, a web browser permits scripts contained in a first web page to access data in a second web page, but only if both web pages have the same ''origin''. An origin is defined as a combination of URI scheme, hostname, and port number.(Same Origin Policy - Web Security ). W3.org. Retrieved on 2013-08-20. This policy prevents a malicious script on one page from obtaining access to sensitive data on another web page through that page's Document Object Model.This mechanism bears a particular significance for modern web applications that extensively depend on HTTP cookies to maintain authenticated user sessions, as servers act based on the HTTP cookie information to reveal sensitive information or take state-changing actions. A strict separation between content provided by unrelated sites must be maintained on the client-side to prevent the loss of data confidentiality or integrity.== History ==The concept of same-origin policy dates back to Netscape Navigator 2 in 1995. All modern browsers implement some form of the Same-Origin Policy as it is an important security cornerstone.(【引用サイトリンク】url=http://code.google.com/p/browsersec/wiki/Part2」の詳細全文を読む
スポンサード リンク
翻訳と辞書 : 翻訳のためのインターネットリソース |
Copyright(C) kotoba.ne.jp 1997-2016. All Rights Reserved.
|
|