[B! rails] hasegawayosukeã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯

hasegawayosuke id:hasegawayosuke

railsã«é–¢ã™ã‚‹hasegawayosukeã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯ (4)

${{author_name}}$

{{{comment_expanded}}}

{{label}}

{{#is_bookmark}}ãƒªã‚¹ãƒˆ{{/is_bookmark}}{{^is_bookmark}}ãƒªãƒ³ã‚¯{{/is_bookmark}}

${{author_name}}$
{{author_name}}{{created}}
{{ #comment }}{{ comment }}{{ /comment }}
- {{ label }}

${{author_name}}$

{{{comment_expanded}}}

{{label}}

{{#is_bookmark}}ãƒªã‚¹ãƒˆ{{/is_bookmark}}{{^is_bookmark}}ãƒªãƒ³ã‚¯{{/is_bookmark}}

å¿—æ‘© on Twitter: "ã€Œãƒ«ãƒ“ã‚£ on Railsã€ã£ã¦ã©ã‚Œã ã‘ã®äººãŒæ€ã£ãŸã‚“ã ã‚ https://t.co/kwAxnQCvWJ"
hasegawayosuke 2017/05/02
ruby

rails

neta
ãƒªãƒ³ã‚¯
Rails ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã‚¬ã‚¤ãƒ‰ | Rails ã‚¬ã‚¤ãƒ‰
ã“ã®ãƒžãƒ‹ãƒ¥ã‚¢ãƒ«ã§ã¯ã€Webã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³å…¨èˆ¬ã«ãŠã‘ã‚‹ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã®å•é¡Œã¨ã€Railsã§ãã‚Œã‚‰ã®å•é¡Œã‚’å›žé¿ã™ã‚‹æ–¹æ³•ã«ã¤ã„ã¦èª¬æ˜Žã—ã¾ã™ã€‚ ã“ã®ã‚¬ã‚¤ãƒ‰ã®å†…å®¹: æœ¬ã‚¬ã‚¤ãƒ‰ã§å–ã‚Šä¸Šã’ã‚‰ã‚Œã¦ã„ã‚‹å•é¡Œã«å¯¾ã™ã‚‹ã‚ã‚‰ã‚†ã‚‹å¯¾ç– Railsã«ãŠã‘ã‚‹ã‚»ãƒƒã‚·ãƒ§ãƒ³ã®æ¦‚å¿µã€ã‚»ãƒƒã‚·ãƒ§ãƒ³ã«å«ã‚ã‚‹ã¹ãé …ç›®ã€æœ‰åãªã‚»ãƒƒã‚·ãƒ§ãƒ³æ”»æ’ƒ Webã‚µã‚¤ãƒˆã‚’é–‹ãã ã‘ã§ï¼ˆCSRFã«ã‚ˆã‚‹ï¼‰ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£å•é¡ŒãŒç™ºç”Ÿã™ã‚‹ã—ãã¿ ãƒ•ã‚¡ã‚¤ãƒ«ã®å–æ‰±ã„ä¸Šã®æ³¨æ„ã€ç®¡ç†ã‚¤ãƒ³ã‚¿ãƒ¼ãƒ•ã‚§ã‚¤ã‚¹ã‚’æä¾›ã™ã‚‹éš›ã®æ³¨æ„äº‹é … ãƒ¦ãƒ¼ã‚¶ãƒ¼ã‚’æ£ã—ãç®¡ç†ã™ã‚‹ï¼ˆãƒã‚°ã‚¤ãƒ³ãƒ»ãƒã‚°ã‚¢ã‚¦ãƒˆã®ã—ãã¿ã€ã‚ã‚‰ã‚†ã‚‹ãƒ¬ã‚¤ãƒ¤ã«ãŠã‘ã‚‹æ”»æ’ƒæ–¹æ³•ï¼‰ æœ€ã‚‚æœ‰åãªã‚¤ãƒ³ã‚¸ã‚§ã‚¯ã‚·ãƒ§ãƒ³æ”»æ’ƒæ–¹æ³•ã®è§£èª¬ 1 ã¯ã˜ã‚ã« Webã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ãƒ•ãƒ¬ãƒ¼ãƒ ãƒ¯ãƒ¼ã‚¯ã¯ã€Webã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã®é–‹ç™ºã‚’æ”¯æ´ã™ã‚‹ãŸã‚ã«ä½œã‚‰ã‚Œã¾ã—ãŸã€‚ãƒ•ãƒ¬ãƒ¼ãƒ ãƒ¯ãƒ¼ã‚¯ã®ä¸ã«ã¯ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã‚’æ¯”è¼ƒçš„é«˜ã‚ã‚„ã™ã„ã‚‚ã®ã‚‚ã‚ã‚Šã¾ã™ã€‚å®Ÿéš›ã®ã¨ã“ã‚ã€ã‚ã‚‹ãƒ•ãƒ¬ãƒ¼ãƒ ãƒ¯ãƒ¼ã‚¯ã¯ä»–ã®ã‚ˆã‚Šã‚‚å®‰
hasegawayosuke 2015/07/10
ã€ŒRails ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã‚¬ã‚¤ãƒ‰ã€€ã“ã®ãƒžãƒ‹ãƒ¥ã‚¢ãƒ«ã§ã¯ã€Webã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³å…¨èˆ¬ã«ãŠã‘ã‚‹ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã®å•é¡Œã¨ã€Railsã§ãã‚Œã‚‰ã®å•é¡Œã‚’å›žé¿ã™ã‚‹æ–¹æ³•ã«ã¤ã„ã¦èª¬æ˜Žã—ã¾ã™ã€‚ã€

rails

security
ãƒªãƒ³ã‚¯
Chrome XSS Protection Bias (using Rails) - Labs Detectify
The Chrome XSS Protection (also known as XSS auditor) checks whether a script thatâ€™s about to run on a web page is also present in the request that fetched that web page. If the script is present in the request, thatâ€™s a strong indication that the web server might have been tricked into reflecting the script. So in short, it blocks reflected XSS attacks. A couple of months ago I discovered that th
hasegawayosuke 2014/01/16
rails

xss

chrome

webkit
ãƒªãƒ³ã‚¯
Stealing user session with open-redirect bug in Rails
Is open redirect bad for your website? If we don't take into account "phishing", how can be open redirect dangerous? Mind readingÂ http://homakov.blogspot.com/2013/03/redirecturi-is-achilles-heel-of-oauth.htmlÂ because any redirect to 3rd party website will leak facebook access_tokens of your users. So innocent open redirect on logout will simply reveal access_token of current user when we set redir
hasegawayosuke 2013/11/20
rails

openredir

xss
ãƒªãƒ³ã‚¯
1

ãŠçŸ¥ã‚‰ã›

ã‚‚ã£ã¨èªã‚€

å…¬å¼Twitter

@hatebu
æœ€æ–°ã®äººæ°—ã‚¨ãƒ³ãƒˆãƒªãƒ¼ã®é…ä¿¡

ã‚ãƒ¼ãƒœãƒ¼ãƒ‰ã‚·ãƒ§ãƒ¼ãƒˆã‚«ãƒƒãƒˆä¸€è¦§

jæ¬¡ã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯

kå‰ã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯

lã‚ã¨ã§èªã‚€

eã‚³ãƒ¡ãƒ³ãƒˆä¸€è¦§ã‚’é–‹ã

oãƒšãƒ¼ã‚¸ã‚’é–‹ã

è¨å®šã‚’å¤‰æ›´ã—ã¾ã—ãŸx

ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯

ã‚¿ã‚°

é–¢é€£ã‚¿ã‚°ã§çµžã‚Šè¾¼ã‚€ (7)

railsã«é–¢ã™ã‚‹hasegawayosukeã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯ (4)

ãŠçŸ¥ã‚‰ã›

ä»Šé€±ã®ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯æ•°ãƒ©ãƒ³ã‚ãƒ³ã‚°ï¼ˆ2024å¹´12æœˆç¬¬2é€±ï¼‰

ä»Šé€±ã®ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯æ•°ãƒ©ãƒ³ã‚ãƒ³ã‚°ï¼ˆ2024å¹´12æœˆç¬¬1é€±ï¼‰

æœˆé–“ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯æ•°ãƒ©ãƒ³ã‚ãƒ³ã‚°ï¼ˆ2024å¹´11æœˆï¼‰

å…¬å¼Twitter

ã‚ãƒ¼ãƒœãƒ¼ãƒ‰ã‚·ãƒ§ãƒ¼ãƒˆã‚«ãƒƒãƒˆä¸€è¦§

ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯

å…¬å¼Twitter

ã¯ã¦ãªã®ã‚µãƒ¼ãƒ“ã‚¹

ã‚¿ã‚°

é–¢é€£ã‚¿ã‚°ã§çµžã‚Šè¾¼ã‚€ (7)

railsã«é–¢ã™ã‚‹hasegawayosukeã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯ (4)

å¿—æ‘© on Twitter: "ã€Œãƒ«ãƒ“ã‚£ on Railsã€ã£ã¦ã©ã‚Œã ã‘ã®äººãŒæ€ã£ãŸã‚“ã ã‚ https://t.co/kwAxnQCvWJ"

Rails ã‚»ã‚­ãƒ¥ãƒªãƒ†ã‚£ã‚¬ã‚¤ãƒ‰ | Rails ã‚¬ã‚¤ãƒ‰

Chrome XSS Protection Bias (using Rails) - Labs Detectify

Stealing user session with open-redirect bug in Rails

ãŠçŸ¥ã‚‰ã›

ä»Šé€±ã®ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯æ•°ãƒ©ãƒ³ã‚­ãƒ³ã‚°ï¼ˆ2024å¹´12æœˆç¬¬2é€±ï¼‰

ä»Šé€±ã®ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯æ•°ãƒ©ãƒ³ã‚­ãƒ³ã‚°ï¼ˆ2024å¹´12æœˆç¬¬1é€±ï¼‰

æœˆé–“ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯æ•°ãƒ©ãƒ³ã‚­ãƒ³ã‚°ï¼ˆ2024å¹´11æœˆï¼‰

å…¬å¼Twitter

ã‚­ãƒ¼ãƒœãƒ¼ãƒ‰ã‚·ãƒ§ãƒ¼ãƒˆã‚«ãƒƒãƒˆä¸€è¦§

ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯

å…¬å¼Twitter

ã¯ã¦ãªã®ã‚µãƒ¼ãƒ“ã‚¹

é–¢é€£ã‚¿ã‚°ã§çµžã‚Šè¾¼ã‚€ (7)

railsã«é–¢ã™ã‚‹hasegawayosukeã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯ (4)

å¿—æ‘© on Twitter: "ã€Œãƒ«ãƒ“ã‚£ on Railsã€ã£ã¦ã©ã‚Œã ã‘ã®äººãŒæ€ã£ãŸã‚“ã ã‚ https://t.co/kwAxnQCvWJ"

Rails ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã‚¬ã‚¤ãƒ‰ | Rails ã‚¬ã‚¤ãƒ‰

ãŠçŸ¥ã‚‰ã›

ä»Šé€±ã®ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯æ•°ãƒ©ãƒ³ã‚ãƒ³ã‚°ï¼ˆ2024å¹´12æœˆç¬¬2é€±ï¼‰

ä»Šé€±ã®ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯æ•°ãƒ©ãƒ³ã‚ãƒ³ã‚°ï¼ˆ2024å¹´12æœˆç¬¬1é€±ï¼‰

æœˆé–“ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯æ•°ãƒ©ãƒ³ã‚ãƒ³ã‚°ï¼ˆ2024å¹´11æœˆï¼‰

å…¬å¼Twitter

ã‚ãƒ¼ãƒœãƒ¼ãƒ‰ã‚·ãƒ§ãƒ¼ãƒˆã‚«ãƒƒãƒˆä¸€è¦§

ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯

å…¬å¼Twitter

ã¯ã¦ãªã®ã‚µãƒ¼ãƒ“ã‚¹