Cross-domain access prevention
Abstract
A method, system, and computer program product for cross-domain access prevention are provided. The method includes detecting a request from a first domain to access a second domain, and applying cross-domain access heuristics to determine whether to allow the request. The cross-domain access heuristics define common ownership characteristics between the first domain and the second domain. The method further includes performing the requested access in response to determining that the request complies with at least one of the cross-domain access heuristics, and blocking the requested access in response to determining that the request fails to comply with the cross-domain access heuristics.
20 Claims
1. A method comprising:
accessing, via a processor, web-enabled content in a first domain including automatically executing a script in the content to receive request access to a web page in a second domain, the script being embedded in the web-enabled content;
detecting, via the processor, the request from the first domain to access the second domain;
applying, via the processor, cross-domain access heuristics to determine whether to allow the request, the cross-domain access heuristics defining determining common ownership characteristics between the first domain and the second domain;
executing, via the processor, a client domain resolver for determining an associated Internet Protocol (IP) address or subnet for the second domain and storing the associated IP address or subnet in at least one cache, the executing of the client domain resolver in response to failing to determine the common ownership characteristics between the first and second domains;
performing, via the processor, the requested access in response to determining that the request complies with at least one of the cross-domain access heuristics; and
blocking, via the processor, the requested access in response to determining that the request fails to comply with the cross-domain access heuristics; and
deleting, via the processor, the stored IP address or subnet in the at least one cache in response to the performing of the requested access or the blocking of the requested access.
10. A system comprising a processor configured to perform a method, the method comprising:
a computer processing system configured to receive the request from the first domain including performing;
accessing web-enabled content in a first domain including automatically executing a script in the content to receive request access to a web page in a second domain, the script being embedded in the content;
detecting the request from the first domain to access the second domain;
applying cross-domain access heuristics to determine whether to allow the request, the cross-domain access heuristics defining determining common ownership characteristics between the first domain and the second domain;
executing a client domain resolver for determining an associated Internet Protocol (IP) address or subnet for the second domain and storing the associated IP address or subnet in at least one cache, the executing of the client domain resolver in response to failing to determine the common ownership characteristics between the first and second domains;
performing the requested access in response to determining that the request complies with at least one of the cross-domain access heuristics; and
blocking the requested access in response to determining that the request fails to comply with the cross-domain access heuristics; and
deleting the stored IP address or subnet in the at least one cache in response to the performing of the requested access or the blocking of the requested access.
15. A computer program product comprising:
a non-transitory, tangible computer readable storage medium readable by a processing unit and storing instructions for execution by the processing unit for implementing a method, the method comprising;
accessing web-enabled content in a first domain including automatically executing a script in the content to receive request access to a web page in a second domain, the script being embedded in the web-enabled content;
detecting the request from the first domain to access the second domain;
applying cross-domain access heuristics to determine whether to allow the request, the cross-domain access heuristics defining determining common ownership characteristics between the first domain and the second domain;
executing a client domain resolver for determining an associated Internet Protocol (IP) address or subnet for the second domain and storing the associated IP address or subnet in at least one cache, the executing of the client domain resolver in response to failing to determine the common ownership characteristics between the first and second domains;
performing the requested access in response to determining that the request complies with at least one of the cross-domain access heuristics; and
blocking the requested access in response to determining that the request fails to comply with the at least one of the cross-domain access heuristics; and
deleting the stored IP address or subnet in the at least one cache in response to the performing of the requested access or the blocking of the requested access.
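The decision flow recited in the independent claims, as an added sketch that is not code from the patent or its assignee. It assumes a matching parent domain and a matching /24 subnet count as "common ownership characteristics", and that both domains are resolved for comparison; the function names and the sample resolver table are hypothetical.

```python
import ipaddress

# Constructed resolver data (documentation address ranges) so the sketch runs offline.
SAMPLE_DNS = {
    "shop.example": "192.0.2.10",
    "pay.example-cdn.test": "192.0.2.77",
    "tracker.test": "203.0.113.5",
}

def parent_domain(host):
    """Assumed name heuristic: last two labels (a real check would use the Public Suffix List)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else None

def subnet_of(host, resolve, prefix):
    """Resolve host and return the enclosing network, or None if it does not resolve."""
    addr = resolve(host)
    if addr is None:
        return None
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

def check_cross_domain(first, second, resolve=SAMPLE_DNS.get, prefix=24, cache=None):
    """Return (decision, reason) for a request from `first` to `second`."""
    cache = {} if cache is None else cache
    a, b = parent_domain(first), parent_domain(second)
    if a is not None and a == b:
        return "allow", "same parent domain"
    # Ownership not determined from the names: run the resolver and cache the result.
    try:
        for host in (first, second):
            cache[host] = subnet_of(host, resolve, prefix)
        if cache[first] is not None and cache[first] == cache[second]:
            return "allow", "same subnet"
        return "block", "no common ownership found"
    finally:
        # Delete the cached subnets once the access has been performed or blocked.
        cache.pop(first, None)
        cache.pop(second, None)

if __name__ == "__main__":
    for target in ("img.shop.example", "pay.example-cdn.test", "tracker.test"):
        print(target, check_cross_domain("shop.example", target))
```

Shared hosting and CDNs place unrelated sites in the same subnet, so a subnet match on its own is weak evidence of common ownership.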
Specification