A third party can send this captured response again as the response to some other request, masquerading as the XKMS service itself.
The browser's same-origin policy does not prevent CSRF attacks, because the attack requests are transmitted to the same origin by proxy for the intruding third-party site.
Web services, on the other hand, can be invoked by any client code that can create a well-formed SOAP request.