Definition

Same Origin Policy (SOP)

Same Origin Policy (SOP), also called Single Origin Policy, is a security measure used in Web browser programming languages such as JavaScript and Ajax to protect the confidentiality and integrity of information. Same Origin Policy prevents a web site's scripts from accessing and interacting with scripts used on other sites.

HTTP cookies are dependent on the Same Origin Policy to ensure that sensitive information held about a certain user's activity pertains only to one site. Requiring scripts to be from the same site, or have the same origin, in order to interact with each other without restriction allows browsers to maintain user sessions securely without user re-authentication.

The Same Origin Policy is commonly circumvented by clientless SSL VPNs; the VPNs draw content from all over the Internet and present it to the client as though it came from the same origin, thereby allowing scripts from various sites to interact. This is dangerous because a malicious script from a compromised site could interact with a script from a legitimate site without restriction, potentially leading to malware infections or sensitive data being compromised.

This was last updated in February 2010
Posted by: Margaret Rouse

Email Alerts

Register now to receive SearchSecurity.com-related news, tips and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

More News and Tutorials

Do you have something to add to this definition? Let us know.

Send your comments to techterms@whatis.com

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: