Abstract
This chapter explores in detail security issues that arise from interactions between multiple web sites or web-based applications that a user is visiting with the same browser. Since such security concerns usually involve web-based resources or applications in two or more different domains,[1] such issues are called cross-domain security issues. The purpose of this chapter is twofold: First, it serves to demonstrate that in security, the “devil is often in the details,” and that an aspect of application security that at first seems fairly straightforward actually turns out to be rather complex. As such, this chapter assumes a deeper knowledge of HTML and web technologies to understand all the detail. You are encouraged to re-read Chapter 7 to freshen up on the basics before attacking this chapter, and also to consult the HTML specification when necessary as you read through this chapter. Second, we believe that to date no comprehensive treatment of cross-domain security is available, and we fill that gap.
[1] The term domain relates to the Domain Name System (DNS), the naming scheme for hosts, such as web servers, on the Internet.
Copyright information
© 2007 Neil Daswani, Christoph Kern, and Anita Kesavan
Cite this chapter
Daswani, N., Kern, C., Kesavan, A. (2007). Cross-Domain Security in Web Applications. In: Foundations of Security. Apress. https://doi.org/10.1007/978-1-4302-0377-3_10
DOI: https://doi.org/10.1007/978-1-4302-0377-3_10
Publisher Name: Apress
Print ISBN: 978-1-59059-784-2
Online ISBN: 978-1-4302-0377-3
eBook Packages: Professional and Applied Computing; Professional and Applied Computing (R0); Apress Access Books