Explain the meaning of the same-origin policy in the creation of trustworthy systems.
What will be an ideal response?
For networking APIs, the same-origin policy distinguishes between sending and receiving information. Broadly, one origin is permitted to send information to another origin, but one origin is not permitted to receive information from another origin. The prohibition on receiving information is intended to prevent malicious web sites from reading confidential information from other web sites, but it also prevents web content from legitimately reading information offered by other web sites. Under the same-origin policy, cross-site sending of information is also dangerous, since it enables attacks such as cross-site request forgery (CSRF) and clickjacking. The same-origin policy cannot address these security vulnerabilities in the same way it addresses those around the receiving of information, since prohibiting cross-site sending of information would prohibit cross-site hyperlinks.