1
00:00:00,300 --> 00:00:06,980
All right, now let's talk about this same-origin policy. The same-origin policy is a security mechanism,

2
00:00:07,290 --> 00:00:09,000
so let's see what this does.

3
00:00:09,300 --> 00:00:17,010
And according to this same-origin policy, a browser executes a script only if the request has the same protocol, same

4
00:00:17,010 --> 00:00:18,480
domain name and same port number.

5
00:00:18,720 --> 00:00:19,890
So this is very important.

6
00:00:19,920 --> 00:00:23,140
This: same protocol, same domain and port.

7
00:00:23,700 --> 00:00:26,970
So let's see an example to get a better understanding.

8
00:00:27,480 --> 00:00:31,620
Suppose we are at cynical.com/user1.

9
00:00:32,790 --> 00:00:38,730
So I have logged in as user1 and you are at YouTube's user1.

10
00:00:39,360 --> 00:00:47,190
Then see the protocol, and the domain name is Nicholas, and the port is 80 by default, and we cannot

11
00:00:47,190 --> 00:00:49,300
execute a script into our domain.

12
00:00:49,620 --> 00:00:53,970
Suppose I wrote a JavaScript into this little.com.

13
00:00:54,870 --> 00:01:03,180
And if I say studious, no rock'em secret, but the reason I suppose that's their secret too, and if I

14
00:01:03,480 --> 00:01:12,500
put this POST request in the new form, using the JavaScript in particular.com, and ask for

15
00:01:12,500 --> 00:01:14,040
it and order some secret text.

16
00:01:14,310 --> 00:01:21,020
Then the script will not be executed by the browser, because the protocol is HTTPS, but the domain

17
00:01:21,030 --> 00:01:23,640
name is different than Oracle and Nicarico.

18
00:01:23,910 --> 00:01:28,560
So that difference in the domain will be identified by the browser.

19
00:01:28,560 --> 00:01:37,340
And that script, regarding the request or order for this, will be discarded.

20
00:01:37,680 --> 00:01:41,290
And you can see here it should be restricted at the moment.
21
00:01:41,340 --> 00:01:43,800
But the number is 1234 thirty.

22
00:01:43,890 --> 00:01:46,880
That means there is another service on port 1234.

23
00:01:47,100 --> 00:01:54,680
And whenever I just use the script in the regular complex, just this secret text.

24
00:01:54,700 --> 00:01:59,360
Well, it is not, because the port number is different.

25
00:01:59,370 --> 00:02:06,690
So the same-origin policy difference is that you can only run the scripts or access the documents

26
00:02:07,020 --> 00:02:11,530
whose contents are only in the same, the same protocol, the same domain name and the same number.

27
00:02:11,880 --> 00:02:16,980
So there is another file in Larcombe slash save file too.

28
00:02:17,280 --> 00:02:23,460
Then you can simply access the file because it's in the same protocol, same domain and port, but

29
00:02:23,460 --> 00:02:26,640
you cannot access the other number or other domain names.

30
00:02:27,900 --> 00:02:29,700
So that is about the same-origin policy.

31
00:02:29,970 --> 00:02:37,140
If the security mechanism is not set, then it raises very serious security problems.

32
00:02:37,560 --> 00:02:40,830
This is a sort of another attack.

33
00:02:41,100 --> 00:02:43,020
So we see that in the system.

34
00:02:43,350 --> 00:02:47,040
So basically, the attacker will craft a

35
00:02:48,460 --> 00:02:55,360
link, so whenever you click on that link, a request like a GET request or POST request will be sent

36
00:02:55,360 --> 00:02:58,970
to the server on behalf of your

37
00:03:00,090 --> 00:03:10,350
on behalf of your session. That means some secret, but now I craft a script in this microcosm, and

38
00:03:10,350 --> 00:03:16,090
when our user clicks on this, then a POST request or GET request will be sent to the secret activity,

39
00:03:16,350 --> 00:03:18,990
but it is not shown to the attacker.

40
00:03:18,990 --> 00:03:20,460
But the script executes.
41
00:03:21,240 --> 00:03:22,880
So this is very important.

42
00:03:22,900 --> 00:03:30,630
So I imagine, I hope, you have understood: the script is good only if the request has the same protocol on the same

43
00:03:30,630 --> 00:03:32,040
domain. This is important.