Abstract
In the tradition of distributed systems security, access control equals authentication and authorisation, where obtaining the source of the request is called ‘authentication’ [4]. In web applications, the source of a web page is a host known by a DNS name. Web browsers attempt to enforce same origin policies on scripts executing within a web page or on the dissemination of HTTP cookies.
References
[1] Burns, J.: Cross site reference forgery. Technical report, Information Security Partners, LLC (2005) (Version 1.1)
[2] CERT Coordination Center: Malicious HTML tags embedded in client web requests (2000), http://www.cert.org/advisories/CA-2000-02.html
[3] Johns, M., Winter, J.: RequestRodeo: Client side protection against session riding. In: Piessens, F. (ed.) Proceedings of the OWASP Europe 2006 Conference, Departement Computerwetenschappen, Katholieke Universiteit Leuven, Report CW448, pp. 5–17 (May 2006)
[4] Lampson, B., Abadi, M., Burrows, M., Wobber, E.: Authentication in distributed systems: Theory and practice. ACM Transactions on Computer Systems 10(4), 265–310 (1992)
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Gollmann, D. (2011). Problems with Same Origin Policy. In: Christianson, B., Malcolm, J.A., Matyas, V., Roe, M. (eds) Security Protocols XVI. Security Protocols 2008. Lecture Notes in Computer Science, vol 6615. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22137-8_11
DOI: https://doi.org/10.1007/978-3-642-22137-8_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-22136-1
Online ISBN: 978-3-642-22137-8
eBook Packages: Computer Science, Computer Science (R0)