[B! ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£] yuichi_yã®ãƒ

yuichi_y id:yuichi_y

ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã«é–¢ã™ã‚‹yuichi_yã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯ (6)

${{author_name}}$

{{{comment_expanded}}}

{{label}}

{{#is_bookmark}}ãƒªã‚¹ãƒˆ{{/is_bookmark}}{{^is_bookmark}}ãƒªãƒ³ã‚¯{{/is_bookmark}}

${{author_name}}$
{{author_name}}{{created}}
{{ #comment }}{{ comment }}{{ /comment }}
- {{ label }}

${{author_name}}$

{{{comment_expanded}}}

{{label}}

{{#is_bookmark}}ãƒªã‚¹ãƒˆ{{/is_bookmark}}{{^is_bookmark}}ãƒªãƒ³ã‚¯{{/is_bookmark}}

ãƒ•ãƒãƒ³ãƒˆã‚¨ãƒ³ãƒ‰é–‹ç™ºã®ãŸã‚ã®ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£å…¥é–€
Developers Summit 2023 10-A-4 ã€Œãƒ•ãƒãƒ³ãƒˆã‚¨ãƒ³ãƒ‰é–‹ç™ºã®ãŸã‚ã®ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£å…¥é–€ã€ã®ç™ºè¡¨è³‡æ–™ã§ã™ã€‚ https://event.shoeisha.jp/devsumi/20230209/session/4176/ ã€ŒHTTPSåŒ–ã€ã€ŒCORSã€ã€ŒXSSã€ã€Œè„†å¼±ãªãƒ©ã‚¤ãƒ–ãƒ©ãƒªã®â€¦
yuichi_y 2023/02/10
ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£

ãƒ•ãƒãƒ³ãƒˆã‚¨ãƒ³ãƒ‰
ãƒªãƒ³ã‚¯
è‡ªè»¢è»Šã®ç›—é›£å¯¾ç–ã¯SIMå†…è”µã§è²¼ã‚Šä»˜ã‘ã‚‹ã ã‘ã®ã€ŽTrackerPadã€ã§ï¼ - é€±åˆŠã‚¢ã‚¹ã‚ãƒ¼
Kickstarterã§è³‡é‡‘èª¿é”ä¸ã®ã€ŽTrackerPadã€ã¯ã€10ãƒšãƒ³ã‚¹ç¡¬è²¨ï¼ˆç´„24.5ãƒŸãƒªï¼‰ã¨ã»ã¼åŒã˜ã‚µã‚¤ã‚ºã®æœ¬ä½“ã«ãƒ—ãƒªãƒšã‚¤ãƒ‰SIMãŒçµ„ã¿è¾¼ã¾ã‚Œã¦ãŠã‚Šã€æœ€å¤§7æ—¥é–“ã‚¹ãƒžãƒ›ã«ä½ç½®æƒ…å ±ã‚’å ±å‘Šã§ãã‚‹GPSãƒˆãƒ©ãƒƒã‚«ãƒ¼ã€‚è²¼ã‚Šä»˜ã‘ãŸã‚¢ã‚¤ãƒ†ãƒ ã®ä½ç½®æƒ…å ±ã®è¿½è·¡ã ã‘ã§ãªãã€ã‚¸ã‚ªãƒ•ã‚§ãƒ³ã‚·ãƒ³ã‚°ï¼ˆæ©Ÿå™¨ãŒæŒ‡å®šç¯„å›²ã‹ã‚‰å¤–ã‚Œã‚‹ã¨æ±ºã‚ã‚‰ã‚ŒãŸå‹•ä½œã‚’å®Ÿè¡Œï¼‰ã‚‚å¯èƒ½ã€‚ãŸã¨ãˆã°é§è¼ªå ´ã‹ã‚‰è‡ªè»¢è»ŠãŒç§»å‹•ã•ã‚ŒãŸéš›ã«ã‚¹ãƒžãƒ›ã«ç§»å‹•è¦å‘Šã‚’é€šçŸ¥ã™ã‚‹ã¨ã„ã£ãŸä½¿ã„æ–¹ãŒã§ãã‚‹ã€‚ ã‚¢ãƒ¼ãƒªãƒ¼ãƒãƒ¼ãƒ‰æž ã®ä¾¡æ ¼ã¯ã€ŽTrackerPadã€2æžšã¨ãƒ¯ã‚¤ãƒ¤ãƒ¬ã‚¹å……é›»ãƒãƒ£ãƒ¼ã‚¸ãƒ£ãƒ¼ã€å°‚ç”¨ã‚¢ãƒ—ãƒªã®ãƒ—ãƒãƒ¢ãƒ¼ã‚·ãƒ§ãƒ³ã‚³ãƒ¼ãƒ‰ã®ã‚»ãƒƒãƒˆã§30è‹±ãƒãƒ³ãƒ‰ï¼ˆç´„5800å††ï¼‰ã€‚ã€ŽTrackerPadã€5æžšã‚»ãƒƒãƒˆã®ä¾¡æ ¼ã¯45è‹±ãƒãƒ³ãƒ‰ï¼ˆç´„8700å††ï¼‰ã€‚å‡ºè·ã¯ä»Šå¹´12æœˆã‚’äºˆå®šã—ã¦ãŠã‚Šã€å…¨ä¸–ç•Œã¸ã®ç™ºé€ã«å¯¾å¿œã™ã‚‹ã€‚ ä½¿ã„æ–¹ã¯ã‚«ãƒ³ã‚¿ãƒ³ã€‚ã€ŽTrackerPadã€è¡¨ã«å°åˆ·ã•ã‚ŒãŸQRã‚³ãƒ¼ãƒ‰ã‚’ã‚¹ãƒžãƒ›ã‚¢ãƒ—ãƒªã§èªã¿è¾¼ã¿
yuichi_y 2015/07/15
ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£
ãƒªãƒ³ã‚¯
The Heartbleed Hit List: The Passwords You Need to Change Right Now
It's time to update your passwords to various sites affected by the Heartbleed bug. Credit: Mashable composite. iStockphoto, SoberP An encryption flaw called the Heartbleed bug is already being dubbed one of the biggest security threats the Internet has ever seen. The bug has affected many popular websites and services -- ones you might use every day, like Gmail and Facebook -- and could have quie
yuichi_y 2014/04/11
ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£

Heartbleed

security
ãƒªãƒ³ã‚¯
3åˆ†ã§åˆ†ã‹ã‚‹AngularJSã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ - teppeis blog
å…ˆæ—¥ã®ng-mtg#4 AngularJS å‹‰å¼·ä¼šã§LTã—ã‚ˆã†ã¨æ€ã£ãŸã‘ã©ç”³ã—è¾¼ã¿ãŒé–“ã«åˆã‚ãªã‹ã£ãŸã®ã§ãƒ–ãƒã‚°ã«æ›¸ãã¾ã™ã€‚ å…ˆæœˆãƒªãƒªãƒ¼ã‚¹ã•ã‚ŒãŸAngularJS 1.2ã¯ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ãŒã‚“ã°ã£ã¦ã‚‹çš„ãªã“ã¨ã‚’èžã„ãŸã®ã§ã€ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£å‘¨ã‚Šã®ä»•çµ„ã¿ã‚’èª¿ã¹ã¦ã¿ã¾ã—ãŸã€‚ ãŠé¡Œã¯ä»¥ä¸‹ã§ã™ã€‚ CSRF JSON CSP (Content Security Policy) Escaping CSRF ãƒ¦ãƒ‹ãƒ¼ã‚¯ãªãƒˆãƒ¼ã‚¯ãƒ³ã‚’HTTPãƒªã‚¯ã‚¨ã‚¹ãƒˆã«è¼‰ã›ã¦ã‚µãƒ¼ãƒãƒ¼ã§ãƒã‚§ãƒƒã‚¯ã™ã‚‹å¯¾å¿œãŒä¸–ã®ä¸ã§ã¯ä¸»æµï¼ˆæœ€è¿‘ã¯ã‚«ã‚¹ã‚¿ãƒ ãƒ˜ãƒƒãƒ€ã®ãƒã‚§ãƒƒã‚¯ã«ã‚ˆã‚‹å¯¾ç–ã‚‚ï¼‰ AngularJSã§ã¯ã€XSRF-TOKEN Cookieã«ãƒˆãƒ¼ã‚¯ãƒ³ãŒè¼‰ã£ã¦ã„ã‚‹ã¨ã€$httpã‚’ä½¿ã£ãŸHTTPãƒªã‚¯ã‚¨ã‚¹ãƒˆã®ãƒ˜ãƒƒãƒ€ã«è‡ªå‹•çš„ã«X-XSRF-TOKENãƒ˜ãƒƒãƒ€ãƒ¼ãŒä»˜ãã€‚ XSRF-TOKEN Cookieã¯ã‚‚ã¡ã‚ã‚“Not HttpOnlyã§ã€‚ Angularç•Œã§ã¯CS
yuichi_y 2013/12/06
AngularJS

ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£
ãƒªãƒ³ã‚¯
æ©Ÿå¯†æƒ…å ±ã‚’å«ã‚€JSONã«ã¯ X-Content-Type-Options: nosniff ã‚’ã¤ã‘ã‚‹ã¹ã - è‘‰ã£ã±æ—¥è¨˜
Webã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã«ãŠã„ã¦JSONã‚’ç”¨ã„ã¦ãƒ–ãƒ©ã‚¦ã‚¶ - ã‚µãƒ¼ãƒé–“ã§ãƒ‡ãƒ¼ã‚¿ã®ã‚„ã‚Šå–ã‚Šã‚’è¡Œã†ã“ã¨ã¯ã‚‚ã¯ã‚„æ™®é€šã®ã“ã¨ã§ã™ãŒã€ã“ã®ã¨ãJSONå†…ã«ç¬¬ä¸‰è€…ã«æ¼ã‚Œã¦ã¯å›°ã‚‹æ©Ÿå¯†æƒ…å ±ãŒå«ã¾ã‚Œã‚‹å ´åˆã¯ã€å¿…ãš X-Content-Type-Options: nosniff ãƒ¬ã‚¹ãƒãƒ³ã‚¹ãƒ˜ãƒƒãƒ€ã‚’ã¤ã‘ã‚‹ã‚ˆã†ã«ã—ã¾ã—ã‚‡ã†(ã‚€ã—ã‚æ©Ÿå¯†æƒ…å ±ã‹ã©ã†ã‹ã«é–¢ã‚ã‚‰ãšã€å…¨ã¦ã®ã‚³ãƒ³ãƒ†ãƒ³ãƒ„ã«ã¤ã‘ã‚‹ã»ã†ãŒã‚ˆã„ã€‚é–¢é€£:X-Content-Type-Options: nosniff ã¤ã‹ã‚ãªã„ã‚„ã¤ã¯æ»ãã°ã„ã„ã®ã«! - è‘‰ã£ã±æ—¥è¨˜)ã€‚ ä¾‹ãˆã°ã€æ©Ÿå¯†æƒ…å ±ã‚’å«ã‚€ä»¥ä¸‹ã®ã‚ˆã†ãªJSONé…åˆ—ã‚’è¿”ã™ãƒªã‚½ãƒ¼ã‚¹(http://example.jp/target.json)ãŒã‚ã£ãŸã¨ã—ã¾ã™ã€‚ [ "secret", "data", "is", "here" ] æ”»æ’ƒè€…ã¯ç½ ãƒšãƒ¼ã‚¸ã‚’ä½œæˆã—ã€ä»¥ä¸‹ã®ã‚ˆã†ã«JSONé…åˆ—ã‚’vbscriptã¨ã—ã¦èªã¿è¾¼ã¿ã¾ã™ã€‚ã‚‚ã¡ã‚
yuichi_y 2013/05/17
ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£

security

JSON

javascript
ãƒªãƒ³ã‚¯
WEBãƒ—ãƒã‚°ãƒ©ãƒžãƒ¼å¿…è¦‹ï¼WEBè„†å¼±æ€§åŸºç¤ŽçŸ¥è˜æœ€é€Ÿãƒžã‚¹ã‚¿ãƒ¼ - ç‡ˆæ˜Žæ—¥è¨˜
ä»¥ä¸‹ã¯ã€WEBãƒ—ãƒã‚°ãƒ©ãƒžãƒ¼ç”¨ã®WEBè„†å¼±æ€§ã®åŸºç¤ŽçŸ¥è˜ã®ä¸€è¦§ã§ã™ã€‚ WEBãƒ—ãƒã‚°ãƒ©ãƒžãƒ¼ã®äººã¯ã“ã‚Œã‚’èªã‚ã°WEBè„†å¼±æ€§ã®åŸºç¤Žã‚’ãƒžã‚¹ã‚¿ãƒ¼ã—ã¦WEBãƒ—ãƒã‚°ãƒ©ãƒ ã‚’æ›¸ãã“ã¨ãŒã§ãã‚‹ã‚ˆã†ã«ãªã£ã¦ã„ã‚‹ã‹ã‚‚ã§ã™ã€‚ ã¾ãŸã€WEBè„†å¼±æ€§ã®ç°¡æ˜“ãƒªãƒ•ã‚¡ãƒ¬ãƒ³ã‚¹ã¨ã—ã¦ã‚‚å°‘ã—åˆ©ç”¨ã§ãã‚‹ã‹ã‚‚ã—ã‚Œã¾ã›ã‚“ã€‚ WEBã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã‚’é–‹ç™ºã™ã‚‹ã«ã¯ã€é–‹ç™ºè¦ä»¶æ›¸ã‚„ãƒ—ãƒã‚°ãƒ©ãƒ ä»•æ§˜æ›¸é€šã‚Šã«é–‹ç™ºã™ã‚Œã°è‰¯ã„ã¨ã„ã†ã‚ã‘ã«ã¯ã„ãã¾ã›ã‚“ã€‚ ãã†ã€WEBè„†å¼±æ€§ã‚’ç‹™ã†æ‚ªæ„ã®ãƒ¦ãƒ¼ã‚¶ã«ã‚‚å¯¾å‡¦ã—ãªã„ã¨ã„ã‘ãªã„ã®ã§ã™ã€‚ ä»Šå›žã€WEBã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã‚’é–‹ç™ºã«ã‚ãŸã£ã¦ã®WEBè„†å¼±æ€§ã‚’ã€ä»¥ä¸‹ã®ä¸€è¦§ã«ã¾ã¨ã‚ã¦ã¿ã¾ã—ãŸã€‚ ã“ã®ã¾ã¨ã‚ãŒWEBã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³é–‹ç™ºã®å‚è€ƒã«ãªã‚Œã°å¹¸ã„ã§ã™ã€‚ ã‚¤ãƒ³ã‚¸ã‚§ã‚¯ã‚·ãƒ§ãƒ³ ã‚¯ãƒã‚¹ã‚µã‚¤ãƒˆãƒ»ã‚¹ã‚¯ãƒªãƒ—ãƒ†ã‚£ãƒ³ã‚° ã‚»ãƒƒã‚·ãƒ§ãƒ³ãƒ»ãƒã‚¤ã‚¸ãƒ£ãƒƒã‚¯ ã‚¢ã‚¯ã‚»ã‚¹åˆ¶å¾¡ã‚„èªå¯åˆ¶å¾¡ã®æ¬ è½ ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªãƒ»ãƒˆãƒ©ãƒãƒ¼ã‚µãƒ«(Directory Traversal) CSRFï¼ˆ
yuichi_y 2010/05/10
webåˆ¶ä½œ

ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£
ãƒªãƒ³ã‚¯
1