[B! ã¯ã¾ã¡ã¡ã‚ƒã‚“] ockeghemã®ãƒ

ockeghem id:ockeghem

ã¯ã¾ã¡ã¡ã‚ƒã‚“ã«é–¢ã™ã‚‹ockeghemã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯ (7)

${{author_name}}$

{{{comment_expanded}}}

{{label}}

{{#is_bookmark}}ãƒªã‚¹ãƒˆ{{/is_bookmark}}{{^is_bookmark}}ãƒªãƒ³ã‚¯{{/is_bookmark}}

${{author_name}}$
{{author_name}}{{created}}
{{ #comment }}{{ comment }}{{ /comment }}
- {{ label }}

${{author_name}}$

{{{comment_expanded}}}

{{label}}

{{#is_bookmark}}ãƒªã‚¹ãƒˆ{{/is_bookmark}}{{^is_bookmark}}ãƒªãƒ³ã‚¯{{/is_bookmark}}

5åˆ†ã§ã§ãã‚‹PHPã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£å¯¾ç– - ã¼ãã¯ã¾ã¡ã¡ã‚ƒã‚“ï¼
ã“ã‚“ã«ã¡ã¯ã“ã‚“ã«ã¡ã¯ï¼ï¼ Webãƒ—ãƒã‚°ãƒ©ãƒŸãƒ³ã‚°ã—ã¦ã¾ã™ã‹ï¼ ã‚ˆãã€ŒPHPã¯ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ãŒãƒ€ãƒ¡ã€ã¨ã‹è¨€ã‚ã‚Œã¦ã‚‹ã‚ˆãã€‚ ã§ã‚‚ãã‚Œã£ã¦ã€ã¹ã¤ã«PHPãŒæ‚ªã„ã‚“ã˜ã‚ƒãªãã¦ã€ ãŸã¶ã‚“ã€ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã¨ã‹ãŒã€ã¾ã ã‚ˆãã‚ã‹ã‚‰ãªã„äººãŒå¤šã„ã ã‘ãªã‚“ã˜ã‚ƒãªã„ã‹ãªã€‚ ãŒã‚“ã°ã£ã¦å‹‰å¼·ã—ã‚ˆã†ã¨æ€ã£ã¦ã‚‚ã€ãªã‚“ã ã‹é›£ã—ã„ç†å±ˆãŒä¸¦ã‚“ã§ã„ãŸã‚Šã™ã‚‹ã—ãâ€¦ã€‚ ãªã®ã§ä»Šæ—¥ã¯ã€ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£å¯¾ç–ã«ã¤ã„ã¦ã€ ã€Œã“ã‚Œã ã‘ã‚„ã£ã¨ã‘ã°ã€ã‚ã‚Šã¨å®‰å…¨ã«ãªã‚‹ã‚ˆã€ã£ã¦ã“ã¨ã‚’ã€åˆå¿ƒè€…ã‚€ã‘ã«ã€å¤§é›‘æŠŠã«æ›¸ã„ã¦ã¿ã¾ã™ï¼ ç†å±ˆãŒã‚ã‹ã‚‰ãªãã¦ã‚‚ã€æœ€åˆã¯ã‚³ãƒ”ãƒšã§ã‚‚ã€ ãªã«ã‚‚ã‚„ã‚‰ãªã„ã‚ˆã‚Šã€ã‚„ã£ãŸã»ã†ãŒãã£ã¨ãƒžã‚·ã«ãªã‚‹ï¼ 1. XSSå¯¾ç– å‹•çš„ãªã‚‚ã®ã‚’è¡¨ç¤ºã™ã‚‹ã¨ãã€å…¨éƒ¨ã‚¨ã‚¹ã‚±ãƒ¼ãƒ—ã™ã‚Œã°okã§ã™ï¼ (NG) ã‚ãªãŸã®åå‰ã¯ <?= $name ?> ã§ã™ãï¼ â†“ (OK) ã‚ãªãŸã®åå‰ã¯ <?= htmlspecialchars($name, ENT_QUOTES) ?>
ockeghem 2012/02/16
ã“ã‚Œå®ˆã‚‹ã ã‘ã‚‚å¤§å¤‰ãã†ã€‚ã€Žhtmlã®å±žæ€§éƒ¨åˆ†ã«ã¯ã€åŽŸå‰‡ã¨ã—ã¦å‹•çš„ãªã‚‚ã®ã‚’åŸ‹ã‚è¾¼ã¾ãªã„ã€<é›£ã—ããªã„? ã‚ã¨åˆå¿ƒè€…ã«ã¯mdb2ã¯ãã¤ã„ã‹ã‚‚

php

ã¯ã¾ã¡ã¡ã‚ƒã‚“

security
ãƒªãƒ³ã‚¯
Gmailâ˜†å ã„
ã“ã®ãƒšãƒ¼ã‚¸ã®ã¯ã¦ãªãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯ã®ã‚³ãƒ¡ãƒ³ãƒˆ â†’ Gmailâ˜†å ã„ by Hamachiya2 (Blog / Twitter) ã€ã‚ˆãå½“ãŸã‚‹ï¼ã€‘ Gmailâ˜†å ã„ ã€æ‹æ„›æˆå°±ã€‘ ã‚ãªãŸã®Gmailã‚’ãŠã—ãˆã¦ãâ˜† Gmailã®ãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰ã‚’å…¥åŠ›ã—ã¦ãâ˜† â€»ã‚½ãƒ¼ã‚¹ã‚’è¦‹ã‚Œã°ã‚ã‹ã‚‹ã‘ã©ã€ID/PWã¯ã©ã“ã«ã‚‚é€ä¿¡ã—ã¦ã„ã¾ã›ã‚“ã—å–å¾—ã‚‚ã—ã¦ã„ã¾ã›ã‚“ (ãƒã‚°ç‰ã«ã‚‚æ®‹ã‚Šã¾ã›ã‚“) æ°—ã‚’ã¤ã‘ã‚ˆã†ãï¼
ockeghem 2010/05/26
ã“ã‚Œã¯ã¾ãŸâ€¦ã€Žã‚ãªãŸã®Gmailã‚’ãŠã—ãˆã¦ãâ˜†Gmailã®ãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰ã‚’å…¥åŠ›ã—ã¦ãâ˜† ã€

gmail

ã¯ã¾ã¡ã¡ã‚ƒã‚“
ãƒªãƒ³ã‚¯
XSSã¨ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ãƒªã‚¹ã‚¯ - ã¼ãã¯ã¾ã¡ã¡ã‚ƒã‚“ï¼
ã“ã‚“ã«ã¡ã¯ã“ã‚“ã«ã¡ã¯ï¼ï¼ ä»Šæ—¥ã€ã¯ã¦ãªã®äººæ°—è¨˜äº‹ã‚’è¦‹ã¦ã„ã¦ã“ã‚“ãªè¨˜äº‹ãŒã‚ã‚Šã¾ã—ãŸâ€¦ï¼ ã¡ã‚ƒã‚“ã¨ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã®ã“ã¨è€ƒãˆã¦ã¾ã™ã‹ï½¥ï½¥ï½¥ï¼ï¼Ÿ ã€Žã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£å¯¾ç–ã¨ã‹é›£ã—ã„ã—é¢å€’ãã›ãƒ¼ã—ã€ä¿ºã®é©å½“ã«ä½œã£ãŸã‚µãƒ¼ãƒ“ã‚¹ã¨ã‹ã©ã†ãªã£ã¦ã‚‚ã‚¤ã‚¤ã—ï½—ï½—ã€ ã„ã„ã‚“ã§ã™ã„ã„ã‚“ã§ã™ï¼ åˆ¥ã«ãã†æ€ã£ã¦ã‚‹ãªã‚‰ã©ã†ã§ã‚‚ã„ã„ã‚“ã§ã™ï¼ ã§ã‚‚ãã‚“ãªãƒ—ãƒã‚°ãƒ©ãƒ ã‚’Webä¸Šã§å…¬é–‹ã™ã‚“ã˜ã‚ƒããƒ¼ã‚ˆãƒœã‚±ã¨ã€‚ PHPã§èª°ã§ã‚‚ç°¡å˜Webã‚µãƒ¼ãƒ“ã‚¹è£½ä½œï¼ã§ãªã‚“ã‹ä½œã£ã¦å…¬é–‹ã—ãŸå¥´ã¡ã‚‡ã£ã¨æ¥ã„ - ç”˜å‘³å¿—å‘ï¼ ã¯ã¦ãª ãµã‚€ãµã‚€ã€PHPã§ç°¡å˜ã«ã¤ãã£ã¡ã‚ƒã†ã®ã¯è‰¯ã„ã‘ã©ã€ å…¬é–‹ã™ã‚‹ã®ãªã‚‰ã€ã¡ã‚ƒã‚“ã¨ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ãƒ›ãƒ¼ãƒ«ãªãã—ã¦ã‹ã‚‰ã«ã—ã¾ã—ã‚‡ã†ã ã£ã¦è¨˜äº‹ã§ã™ãï¼ ã§ã‚‚ã¼ãã¯ã€ã“ã®è¨˜äº‹ã‚’èªã‚“ã§ã‚‚â€¦ ãªãœXSSãŒã„ã‘ãªã„ã®ã‹ çµå±€ã‚ˆãã‚ã‹ã‚Šã¾ã›ã‚“ã§ã—ãŸâ€¦ã€‚ ã„ã¡ãŠã†XSSè„†å¼±æ€§ãŒã‚ã‚‹ã¨ãƒ€ãƒ¡ãªç†ç”±ã¨ã—ã¦ã€ä¸‹ã®ã‚ˆã†ãªã“ã¨ãŒæ›¸ã‹ã‚Œã¦ã‚ã£ãŸã‚“ã ã‘ã©â€¦ ãƒ•ã‚©ãƒ¼ãƒ ã«å…¥åŠ›ã—ãŸHT
ockeghem 2010/02/20
XSSãŒè„…å¨ã«ãªã‚‰ãªã„ã‚µã‚¤ãƒˆã‚‚ã‚ã‚‹ã‹ã‚‚ã—ã‚Œãªã„ãŒã€ãã‚Œã‚’åˆ¤æ–ã™ã‚‹ã®ã¯ã€XSSå¯¾ç–ã‚ˆã‚Šã‚‚ã¯ã‚‹ã‹ã«é›£ã—ã„ã€‚ã ã‹ã‚‰æ·¡ã€…ã¨XSSå¯¾ç–ã•ã›ãŸæ–¹ãŒè³¢æ˜Žã ã—ä½œã£ãŸäººã«ã‚‚å½¹ã«ç«‹ã¤

security

xss

ã¯ã¾ã¡ã¡ã‚ƒã‚“
ãƒªãƒ³ã‚¯
URLè¸ã‚€ã¨ã€Œã“ã‚“ã«ã¡ã¯ã€€ã“ã‚“ã«ã¡ã¯!!ã€ã€€Amebaãªã†ã®CSRFè„†å¼±æ€§ã§â€œæ„å›³ã—ãªã„æŠ•ç¨¿â€åºƒãŒã‚‹
12æœˆ10æ—¥ã«PCç‰ˆãŒã‚¹ã‚¿ãƒ¼ãƒˆã—ãŸã‚µã‚¤ãƒãƒ¼ã‚¨ãƒ¼ã‚¸ã‚§ãƒ³ãƒˆã®ãƒŸãƒ‹ãƒ–ãƒã‚°ã‚µãƒ¼ãƒ“ã‚¹ã€ŒAmebaãªã†ã€ã§ã€ã‚ã‚‹URLã‚’ã‚¯ãƒªãƒƒã‚¯ã™ã‚‹ã¨ã€ã€Œã“ã‚“ã«ã¡ã¯ã€€ã“ã‚“ã«ã¡ã¯!!ã€ã¨ã„ã†ãƒ•ãƒ¬ãƒ¼ã‚ºã¨ã‚¯ãƒªãƒƒã‚¯ã—ãŸURLæ–‡å—åˆ—ãŒè‡ªå‹•ã§æŠ•ç¨¿ã•ã‚Œã€ã€Œã¯ã¾ã¡ã‚„2ã€ã•ã‚“ã®ã‚¢ã‚«ã‚¦ãƒ³ãƒˆã‚’è‡ªå‹•ã§ãƒ•ã‚©ãƒãƒ¼ã—ã¦ã—ã¾ã†ã¨ã„ã†ç¾è±¡ãŒåºƒãŒã£ãŸã€‚ URLã‚’ã‚¯ãƒªãƒƒã‚¯ã—ãŸãƒ¦ãƒ¼ã‚¶ãƒ¼ãŒæ„å›³ã—ãªã„æ©Ÿèƒ½ã‚’å®Ÿè¡Œã•ã›ã‚‰ã‚Œã‚‹Webã‚¢ãƒ—ãƒªã®è„†å¼±æ€§ã®ä¸€ç¨®ãƒ»ã‚¯ãƒã‚¹ã‚µã‚¤ãƒˆãƒªã‚¯ã‚¨ã‚¹ãƒˆãƒ•ã‚©ãƒ¼ã‚¸ã‚§ãƒªï¼ˆCSRFï¼‰ã‚’çªã„ãŸã‚‚ã®ã€‚åŒç¤¾ã¯10æ—¥å¤œã€URLã‚’ã‚¯ãƒªãƒƒã‚¯ã—ãªã„ã‚ˆã†ãƒ¦ãƒ¼ã‚¶ãƒ¼ã«å‘ŠçŸ¥ã€‚èª¤ã£ã¦ã‚¯ãƒªãƒƒã‚¯ã—ãŸå ´åˆã¯æŠ•ç¨¿ã‚’å‰Šé™¤ã—ã€ã¯ã¾ã¡ã‚„2ã•ã‚“ã®ãƒ•ã‚©ãƒãƒ¼ã‚’å¤–ã™ã‚ˆã†å‘¼ã³æŽ›ã‘ãŸã€‚11æ—¥æœã¾ã§ã«è„†å¼±æ€§ã‚‚ä¿®æ£ã—ãŸã¨ã„ã†ã€‚ mixiã§ã‚‚2005å¹´ã€ã‚ã‚‹URLã‚’ã‚¯ãƒªãƒƒã‚¯ã™ã‚‹ã¨ã€Œã¼ãã¯ã¾ã¡ã¡ã‚ƒã‚“ï¼ã€ã¨ã„ã†æ—¥è¨˜ãŒå‹æ‰‹ã«æŠ•ç¨¿ã•ã‚Œã‚‹ã¨ã„ã†ã€CSRFã‚’åˆ©ç”¨ã—ãŸã‚¹ãƒ‘ãƒ ãŒæµé€šã—ãŸã“ã¨ãŒã‚ã£ãŸã€‚ã‚³ãƒŸãƒ¥ãƒ‹ãƒ†ã‚£ãƒ¼ã‚µã‚¤ãƒˆæ§‹
ockeghem 2009/12/11
ã€Žã‚³ãƒŸãƒ¥ãƒ‹ãƒ†ã‚£ãƒ¼ã‚µã‚¤ãƒˆæ§‹ç¯‰ã«è©³ã—ã„å°‚é–€å®¶ã¯ã€ã€ŒCSRFå¯¾ç–ã¯åŸºæœ¬çš„ãªã¨ã“ã‚ã€‚Amebaãªã†ãŒå¯¾ç–ã—ã¦ã„ãªã‹ã£ãŸã®ã¯æ„å¤–ã ã€ã¨è©±ã—ã¦ã„ã‚‹ã€<å°‚é–€å®¶ãªã‚‰åŒ¿åã«ã—ãªãã¦ã„ã„ã®ã§ã¯?

ã¯ã¾ã¡ã¡ã‚ƒã‚“

security
ãƒªãƒ³ã‚¯
ç¬¬4å›žã€€CSRFå¯¾ç–å®Œçµç·¨ï½žãƒˆãƒ¼ã‚¯ãƒ³ã§ãƒˆãƒ¼ã‚¯ã—ã‚ˆã†ï¼ | gihyo.jp
ï¼œå‰å›žã®ãŠè©±ï¼žã€€ãƒ—ãƒã‚°ãƒ©ãƒŸãƒ³ã‚°æœªçµŒé¨“ï¼ˆ14æ³ï¼‰ã¨ã¯æ€ãˆãªã„æŠœç¾¤ã®ã‚»ãƒ³ã‚¹ã‚’ç™ºæ®ã—ã ã—ãŸã‚ã‹ã°ã¡ã‚ƒã‚“ã€‚ã—ã‹ã—ã€æ¬¡ã€…ã«ç¹°ã‚Šå‡ºã—ãŸCSRFå¯¾ç–ã‚‚ã€ã¯ã¾ã¡ã¡ã‚ƒã‚“ã«ã“ã¨ã”ã¨ãè·³ãè¿”ã•ã‚Œã¦ã—ã¾ã„ã¾ã™ã€‚ãã‚Œã˜ã‚ƒã€ã„ã£ãŸã„ã©ã†ã™ã‚Œã°â€¦!? æ°—ã«ãªã‚‹CSRFå¯¾ç–å®Œçµç·¨ã®ã¯ã˜ã¾ã‚Šã¯ã˜ã¾ã‚Šï¼ ã¾ã¨ã‚ ã¤ã„ã«å®Œçµã—ãŸCSRFç·¨ã€‚ã„ã‹ãŒã§ã—ãŸã‹ã€‚CSRFã•ã‚Œã¦ã¯å›°ã‚‹ã‚ˆã†ãªå¤§äº‹ãªç”»é¢ã§ã¯ã€ã“ã®ã‚ˆã†ã«ãƒˆãƒ¼ã‚¯ãƒ³ã¨å‘¼ã°ã‚Œã‚‹ã€Œåˆã„è¨€è‘‰ã€ã‚’ä½¿ã£ã¦ã€CSRFã¸ã®å¯¾ç–ãŒè¡Œã‚ã‚Œã‚‹ã“ã¨ãŒå¤šã„ã®ã§ã™ã€‚ãƒˆãƒ¼ã‚¯ãƒ³ã«ã¤ã„ã¦ã®è©³ç´°ã¯ãƒžãƒ³ã‚¬ã§ã¯çœç•¥ã—ã¦ã„ã¾ã™ãŒã€ã‚¤ãƒ¡ãƒ¼ã‚¸ã¯æŽ´ã‚“ã§ã„ãŸã ã‘ãŸã§ã—ã‚‡ã†ã‹ã€‚ ã€Œãƒˆãƒ¼ã‚¯ãƒ³ã‚’ä½¿ã£ãŸæ–¹æ³•ã€ã¨ä¸€è¨€ã§è¨€ã£ã¦ã‚‚ã€å®Ÿã¯ã•ã¾ã–ã¾ãªå®Ÿè£…æ–¹æ³•ãŒã‚ã‚Šã¾ã™ã€‚ã‚ˆãä½¿ã‚ã‚Œã¦ã„ã‚‹ã®ã¯ã€ã‚»ãƒƒã‚·ãƒ§ãƒ³ã”ã¨ã«1ã¤ã®ãƒˆãƒ¼ã‚¯ãƒ³ã‚’ç™ºè¡Œï¼ˆå›ºå®šãƒˆãƒ¼ã‚¯ãƒ³â ï¼‰â ã€ã¾ãŸã¯ãƒ•ã‚©ãƒ¼ãƒ ã®å‡ºåŠ›æ™‚ã«æ¯Žå›žãƒˆãƒ¼ã‚¯ãƒ³ã‚’ç™ºè¡Œï¼ˆãƒ¯ãƒ³ã‚¿ã‚¤ãƒ ãƒˆãƒ¼ã‚¯ãƒ³ï¼‰ã—ã¦ã€ã‚»ãƒƒã‚·ãƒ§ãƒ³ãƒ‡ãƒ¼ã‚¿ã¸æ ¼ç´ã—ã¦
ockeghem 2009/02/26
æ¤œæŸ»ã—ã¦ã„ã‚‹ã¨ã€ãƒˆãƒ¼ã‚¯ãƒ³ã¯é£›ã°ã—ã¦ã„ã‚‹ã‘ã©ãƒã‚§ãƒƒã‚¯ã—ã¦ã„ãªã„ã‚µã‚¤ãƒˆã‚‚å¤šã„ãã€‚æ¤œæŸ»ãƒ„ãƒ¼ãƒ«ã¨ã‹ã ã¨ã€CSRFãªã—ã«åˆ¤å®šã™ã‚‹ã®ã ã‚ã†ã‹?

security

ã¯ã¾ã¡ã¡ã‚ƒã‚“
ãƒªãƒ³ã‚¯
ãƒãƒžãƒã‚’ã¡ã‚ƒã‚“ã¨ãƒ†ãƒªãƒ¤ã‚ã«ã™ã‚‹ã®ã¯é›£ã—ã„ - ã‚¨ãƒ¢ãƒ¼ã‚·ãƒ§ãƒŠãƒ«æ˜†è™«
é«˜æœ¨æµ©å…‰ã•ã‚“ãƒªã‚¹ãƒšã‚¯ãƒˆãƒã‚¿ã€‚ä½•åº¦ã‹ã‚¨ãƒ³ãƒˆãƒªã«æ›¸ã„ã¦ã„ã‚‹ã‚ˆã†ã«ã€ç§ã®å‹¤å‹™å…ˆã«ã¯ã¯ã¾ã¡ã‚„2ã¨ã„ã†ã‚¹ãƒ¼ãƒ‘ãƒ¼ãƒã‚«ãƒ¼ãŒã„ã‚‹ã€‚å½¼ã¯ã‚ã‚‹ã‚¦ã‚§ãƒ–ã‚µãƒ¼ãƒ“ã‚¹ã®é–‹ç™ºã«é–¢ã‚ã£ã¦ã„ã‚‹ã®ã ã‘ã©ã€ã©ã†ã‚‚å½¼ã®é…åˆ»ç™–ã®ãŸã‚ã«é€²è¡ŒãŒæ»žã‚ŠãŒã¡ã«ãªã£ã¦ã„ã‚‹ã€‚è·å ´ã¯åŸºæœ¬çš„ã«10æ™‚å§‹ã¾ã‚Š19æ™‚çµ‚ã‚ã‚Šã®å‹¤å‹™ä½“ç³»ã§ã€æ¯Žæœ11æ™‚ã«ãƒŸãƒ¼ãƒ†ã‚£ãƒ³ã‚°ãŒã‚ã‚‹ã€‚ã«ã‚‚ã‹ã‹ã‚ã‚‰ãšã€å½¼ã¯10æ™‚ã¯ãŠã‚ã‹11æ™‚ã®æœãƒŸã«ã™ã‚‰é…åˆ»ã™ã‚‹ã€‚åˆå¾Œå‡ºç¤¾ã‚‚çã—ããªã„ã€‚ã„ã‚ã„ã‚ãªåŽŸå› ã§ãƒ€ãƒ³ãƒ‰ãƒªãŒã†ã¾ãã„ã‹ãªããªã£ã¦ã„ã¦ã€æˆã‚Šè¡Œãã§ç§ãŒãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆã®é€²è¡Œç®¡ç†ã‚’ã™ã‚‹ã“ã¨ã«ãªã£ãŸã€‚ã—ã‹ã—ã€è‚å¿ƒã‹ãªã‚ã®å½¼ãŒæœã®ãƒŸãƒ¼ãƒ†ã‚£ãƒ³ã‚°ã«ã„ãªã„ã“ã¨ãŒå¤šã„ã€‚ãŸã¨ãˆã°ã€ã“ã“ã‚“ã¨ã“ã®Twitterã®ç§ã®æœã®ç™ºè¨€ã‚’æŠœãå‡ºã™ã¨ã“ã‚“ãªæ„Ÿã˜ã«ãªã£ã¦ã„ã‚‹ã€‚http://twitter.com/semisan/statuses/906360902(ãƒ»eãƒ») ã¯ã¾ã¡ã‚„ã“ãªã„ã€‚ã€‚ã€‚http://twitter.com/
ockeghem 2008/09/08
ã¯ã¾ã¡ã¡ã‚ƒã‚“
ãƒªãƒ³ã‚¯
é«˜æœ¨æµ©å…‰ï¼ è‡ªå®…ã®æ—¥è¨˜ - ãƒãƒžãƒã‚’ã¡ã‚ƒã‚“ã¨ãƒ†ãƒªãƒ¤ã‚ã«ã™ã‚‹ã®ã¯é›£ã—ã„, CSRFè„†å¼±æ€§ã‚’çªãæ”»æ’ƒè¡Œç‚ºã‚’ç¾è¡Œæ³•ã§å‡¦ç½°ã§ãã‚‹ã‹
â– CSRFè„†å¼±æ€§ã‚’çªãæ”»æ’ƒè¡Œç‚ºã‚’ç¾è¡Œæ³•ã§å‡¦ç½°ã§ãã‚‹ã‹ CSRFè„†å¼±æ€§ãŒæ”»æ’ƒã•ã‚Œã‚‹ã“ã¨ã¯ã€ãã‚ŒãŒã‚‚ãŸã‚‰ã™è¢«å®³ã®å†…å®¹ã«ã‚ˆã£ã¦ã¯ã€ä¸æ£ã‚¢ã‚¯ã‚»ã‚¹ç¦æ¢æ³•ãŒå®ˆã‚ã†ã¨ã—ã¦ã„ã‚‹ã‚‚ã®ã¨åŒç‰ã®ã‚‚ã®ãŒä¾µå®³ã•ã‚Œã‚‹å ´åˆã‚‚ã‚ã‚‹ã€‚ãŸã¨ãˆã°ã€æœ¬äººã§ãªã‘ã‚Œã°è¦‹ã‚‹ã“ã¨ã®ã§ããªã„ã¯ãšã®æƒ…å ±ãŒã€CSRFè„†å¼±æ€§ã‚’çªãç½ ã‚’ä»•æŽ›ã‘ãŸè€…ã«é€ä¿¡ã•ã‚Œã‚‹ã¨ã„ã£ãŸæ”»æ’ƒã¯ã€ä¸æ£ã‚¢ã‚¯ã‚»ã‚¹è¡Œç‚ºã®å…¸åž‹çš„ãªä¾µå®³äº‹ä¾‹ã¨åŒæ§˜ã®è¢«å®³ã‚’ã‚‚ãŸã‚‰ã™ã€‚ã¾ãŸã€åŒæ³•ã®ç›®çš„ã§ã‚ã‚‹ã€Œã‚¢ã‚¯ã‚»ã‚¹åˆ¶å¾¡æ©Ÿèƒ½ã«ã‚ˆã‚Šå®Ÿç¾ã•ã‚Œã‚‹é›»æ°—é€šä¿¡ã«é–¢ã™ã‚‹ç§©åºã®ç¶æŒã€ï¼ˆç¬¬1æ¡ï¼‰ãŒæãªã‚ã‚Œã‚‹ã¨ã„ã†ç‚¹ã‚‚å…±é€šã™ã‚‹ã€‚ ã—ã‹ã—ãªãŒã‚‰ã€CSRFè„†å¼±æ€§ã‚’çªãæ”»æ’ƒè¡Œç‚ºã¯ã€çµæžœãŒåŒã˜ã¦ã‚ã£ã¦ã‚‚æ‰‹æ®µãŒç•°ãªã‚‹ãŸã‚ã«ã€ä¸æ£ã‚¢ã‚¯ã‚»ã‚¹ç¦æ¢æ³•ã«ã‚ˆã‚‹å‡¦ç½°ã¯é›£ã—ã„ã®ã§ã¯ãªã„ã‹ã¨ä»¥å‰ã‹ã‚‰æ€ã£ã¦ã„ãŸã€‚ã“ã‚Œã«ã¤ã„ã¦ã¯ã€2005å¹´7æœˆ3æ—¥ã®æ—¥è¨˜ã€Œã‚¯ãƒã‚¹ã‚µã‚¤ãƒˆãƒªã‚¯ã‚¨ã‚¹ãƒˆãƒ•ã‚©ãƒ¼ã‚¸ã‚§ãƒªï¼ˆCSRFï¼‰å¯¾ç–ãŒã„ã¾ã„ã¡é€²ã¾ãªã‹ã£ãŸã®ã¯ãªãœã‹ã€ã«ã‚‚æ›¸ã„ãŸã€‚
ockeghem 2008/03/15
é«˜æœ¨å…ˆç”Ÿã€ãŠèŒ¶ç›®

neta

ã¯ã¾ã¡ã¡ã‚ƒã‚“

é«˜æœ¨æµ©å…‰
ãƒªãƒ³ã‚¯
1