Upgrade to Pro — share decks privately, control downloads, hide ads and more …

How to build/ops websites safety (2020-12-10)

Avatar for Daiji Hirata Daiji Hirata
December 10, 2020
Business
0
130

How to build/ops websites safety (2020-12-10)

ウェブサイト運用にともなうリスクと安定運用のコツ
2020.12.10 シックス・アパート オンラインミニセミナー スライド

Avatar for Daiji Hirata

Daiji Hirata

December 10, 2020
Tweet

More Decks by Daiji Hirata

See All by Daiji Hirata
MT9 と WebCMS をとりまく未来: MTDDC-Meetup-TOKYO-2025-Keynote
Avatar for Daiji Hirata hirata
0
420
WebCMS 概観 MTDDC Meetup TOHOKU 2025
Avatar for Daiji Hirata hirata
0
410
MTDDC Meetup TOKYO 2024 Keynote
Avatar for Daiji Hirata hirata
1
770
MTDDC Meetup TOHOKU 2024 Keynote Speech
Avatar for Daiji Hirata hirata
1
770
MTDDC Meetup Tokyo 2023 Keynote
Avatar for Daiji Hirata hirata
0
980
MTDDC Meetup Tokyo 2022 Keynote
Avatar for Daiji Hirata hirata
0
100
MTDDC meetup Tokyo 2021 Keynote
Avatar for Daiji Hirata hirata
0
1.4k
How to build a Robust Website for Peak Traffics (2021-02-12)
Avatar for Daiji Hirata hirata
0
110
MTDDC Meetup Tokyo 2020 Keynote
Avatar for Daiji Hirata hirata
0
230

Other Decks in Business

See All in Business
インキュデータ会社紹介資料
Avatar for Recruit@INCUDATA okitsu
3
49k
イグニション・ポイント株式会社/採用エントランスBook_2026
Avatar for Ignition Point-HR ignitionpointhr
2
160k
株式会社ステラセキュリティ会社紹介資料/sterrasec-introduction
Avatar for 株式会社ステラセキュリティ sterrasec
0
1k
2025年 知財10大ニュース と 2026年 知財予測レポート for #スナックのざき
Avatar for OTSUBO Kazuhisa otsubo
0
770
ARI会社説明
Avatar for ARI arisaiyou
1
21k
Spice Factory Inc. Culture Deck
Avatar for スパイスファクトリー株式会社(Spice Factory Inc.) spicefactory
0
17k
Growth Book
Avatar for 株式会社クラダシ kuradashi
0
800
プレックス キャリアアドバイザー職向け会社紹介資料
Avatar for 株式会社プレックス plex
0
140
Startup Research : Challenges and solutions for female startup founders in Japan
Avatar for MPower Partners mpower_partners
PRO
0
180
組織としてのプロダクトマネジメント力を高める 〜Sansanの実践と課題〜
Avatar for SansanTech sansantech
PRO
3
170
Outputをもう一歩先へ 〜あなたの現在地に合わせた、量や質など「もう一歩先の」Output〜
Avatar for amixedcolor amixedcolor
3
310
(4枚)マネジメントと3つの評価基準との関係(成果評価・能力評価・情意評価)
Avatar for 横山信弘/絶対達成スライド館 nyattx
PRO
0
130

Featured

See All Featured
Design in an AI World
Avatar for tapps tapps
0
120
How Software Deployment tools have changed in the past 20 years
Avatar for Geshan Manandhar geshan
0
31k
XXLCSS - How to scale CSS and keep your sanity
Avatar for Zaharenia Atzitzikaki sugarenia
249
1.3M
Accessibility Awareness
Avatar for Sarah Abderemane sabderemane
0
35
Let's Do A Bunch of Simple Stuff to Make Websites Faster
Avatar for Chris Coyier chriscoyier
508
140k
Designing Dashboards & Data Visualisations in Web Apps
Avatar for Des Traynor destraynor
231
54k
HU Berlin: Industrial-Strength Natural Language Processing with spaCy and Prodigy
Avatar for Ines Montani inesmontani
PRO
0
130
Testing 201, or: Great Expectations
Avatar for Joseph Mastey jmmastey
46
7.9k
A Soul's Torment
Avatar for Nat Ma seathinner
5
2.1k
Rails Girls Zürich Keynote
Avatar for Gregor Martynus gr2m
95
14k
The Spectacular Lies of Maps
Avatar for Per Axbom axbom
PRO
1
430
Design of three-dimensional binary manipulators for pick-and-place task avoiding obstacles (IECON2024)
Avatar for konakalab konakalab
0
340

Transcript

  1. γοΫεɾΞύʔτ ฏా େ࣏ ΢ΣϒαΠτӡ༻ʹͱ΋ͳ͏ϦεΫͱ҆ఆӡ༻ͷίπ ΢ΣϒαΠτΛ҆৺ͯ͠׆༻͢ΔͨΊʹ஌͓͖͍ͬͯͨ͜ͱ

  2. ͻΒ͍ͨͩ͡ 4JY"QBSU %JSFDUPS $50 !IJSBUB

  3. ࠓ೔ͷ࿩ • ΢ΣϒαΠτӡ༻্ͷϦεΫͱݪҼ • جຊతͳରࡦ • ରࡦͷҰྫɺެ։αʔόͷ෼཭ • ͦͷଞɺؾΛ͚ͭΔ͜ͱ

  4. ΢ΣϒαΠτͷϦεΫ͍Ζ͍Ζ • αΠτͷվ᜵ɺ৐ͬऔΓ • αΠτͷμ΢ϯ • ৘ใ࿙Ӯ • ౿Έ୆ʹ࢖ΘΕ͍ͯͨ •

    ߋ৽͕Ͱ͖ͳ͘ͳͬͨ

  5. αΠτͷվ᜵ɺ৐ͬऔΓ • ৘ใͷૢ࡞ • Ϛϧ΢ΣΞ͕഑෍͞Ε͍ͯͨ • ѱҙͷ͋ΔϓϩάϥϜΛΫϥΠΞϯτʹ࣮ߦͤ͞Δ • ϑΟογϯά࠮ٗʹ࢖ΘΕ͍ͯͨ •

    ݸਓ৘ใ΍ΫϨδοτΧʔυ৘ใΛ౪·ΕΔ
  6. None

  7. ෛͷ࿈࠯ • Ϛϧ΢ΣΞ / ϑΟογϯάʹ࢖ΘΕΔ • ϒϩοΫϦετʹొ࿥͞ΕΔ • Safe Browsing

    ػೳͰαΠτ͕දࣔ͞Εͳ͘ͳΔ…

  8. αΠτͷμ΢ϯ • αΠτ͕ਅͬനʹͳͬͨ • 404 Not Found ΍φκͷΤϥʔը໘

  9. ৘ใ࿙Ӯ • αʔόʹอଘ͍ͯͨ͠ݸਓ৘ใ͕… • ·ͩެ։͍ͯ͠ͳ͍͸ͣͷ PDF ϑΝΠϧ͕…

  10. ౿Έ୆ʹ͞Ε͍ͯͨ? ඪతܕ߈ܸʹ࢖ΘΕͨྫ • ஌Βͳ͍ϑΝΠϧ͕ࣾ಺͔ΒΞοϓϩʔυ͞Ε͍ͯͨ • ஌Βͳ͍αʔό͔ΒͷΞΫηεͰμ΢ϯϩʔυ͞Ε͍ͯͨ • ஌Βͳ͍ϑΝΠϧ͕ࣾ֎͔ΒΞοϓϩʔυ͞Ε͍ͯͨ • ࣾ಺ͷPC͔ΒφκͷΞΫηε͕…

  11. ߋ৽͕Ͱ͖ͳ͍ • CMS ͷ؅ཧը໘ʹϩάΠϯͰ͖ͳ͍ • αʔόͷΞΧ΢ϯτ͕Θ͔Βͳ͍

  12. ͞·͟·ͳݪҼ • ֎෦͔ΒͷͳΜΒ͔ͷΞΫγϣϯ (߈ܸ) • ނো • ୯७ͳϛε • ಺෦൜ߦ

    • ͳʹ΋͍ͯ͠ͳ͍ͷʹ……

  13. جຊతͳରࡦͷߟ͔͑ͨ • ݪҼΛ༧૝͠ɺͦΕͧΕͷରࡦΛߟ͑Δ • ϦεΫΛࣄલʹݮΒ͢ • ΋͠ൃੜͨ͠ͱ͖ͷϦΧόϦʔํ๏Λࣄલʹ༻ҙ͓ͯ͘͠ • ӡ༻ʹؾΛ෷͏ •

    αʔόɺΞϓϦέʔγϣϯΛ҆શʹอͭ • े෼ͳϦιʔεΛख౰͢Δ • ීஈ͔ΒϦεΫʹඋ͑Δ

  14. Ұൠతͳ΢ΣϒαΠτͰͷߟ͔͑ͨ • Ұൠ΁ͷ৘ใఏڙͷͨΊͷ΢Σϒαʔό • ίʔϙϨʔταΠτͳͲ • ߋ৽͸ਵ࣌ɺσβΠϯมߋͳͲ͸සൟͰ͸ͳ͍ • ड͚Δͷ͸໰͍߹ΘͤϑΥʔϜఔ౓

  15. Ұൠతͳ΢ΣϒαΠτͰͷߟ͔͑ͨ • ެ։༻αʔόͱΞϓϦέʔγϣϯ༻αʔόΛ෼཭͢Δ • CMS αʔό͸Ұൠ͔ΒΞΫηεͰ͖ͳ͍Α͏ʹɺ੍ݶ͢Δ • ΞΫηε੍ݶɺωοτϫʔΫͷ෼཭ • ެ։༻αʔόʹ͸ɺඞཁͳΞϓϦέʔγϣϯͷΈઃஔ͢Δ

    • ੩తίϯςϯπͷΈͩͱɺ͔ͳΓ҆શ

  16. 010111……… ެ։ྖҬ CMS 1୆ͷαʔόʹ͢΂ͯࠞࡏ html, image, css, js, etc.

  17. ެ։༻αʔό CMS ެ։ྖҬ 010111……… ެ։༻αʔόͱ CMS Λ෼཭͢Δ

  18. ެ։༻αʔόͷ෼཭ • αΠτΛ੩తίϯςϯπͱͯ͠४උ͠ɺެ։༻αʔόʹసૹ͢Δ • MT ͩͱϓϥάΠϯΛར༻͢Δ͜ͱ͕Ұൠత • Uploader, SmartSyncPack, Movable

    Type Premium (SiteSync) • MT Ϋϥ΢υʹ͸ඪ४Ͱαʔό഑৴Λ༻ҙ͍ͯ͠Δ • సૹઌͱରԠ͢Δϓϩτίϧʹ஫ҙ • FTPS, SFTP, rsync, S3 (AWS) ͳͲ

  19. ެ։༻αʔό CMS ެ։ྖҬ 010111……… ඇެ։ྖҬ ഑৴ ࠶ߏங (੩తϑΝΠϧߏங)

  20. ഑৴ػೳͷϝϦοτ • ഑৴ઌΛෳ਺༻ҙ͢Δ͜ͱͰɺεςʔδϯάͷΑ͏ʹར༻Ͱ͖Δ • ίϯςϯπΛ෼཭ͯ͠؅ཧ͢Δ͜ͱ͕Ͱ͖Δ • େن໛αΠτͷҰ෦͚ͩΛ MT Ϋϥ΢υͰ؅ཧ͢Δ •

    ෦໳ຖʹ഑৴Λ෼͚Δ

  21. ެ։༻αʔό ඇެ։ྖҬ ഑৴ ֬ೝ༻αʔό ഑৴ CMS

  22. ެ։༻αʔό CMS ඇެ։ྖҬ Ұ෦ͷྖҬʹ͚ͩ഑৴

  23. CMS ͷΞΫηε੍ݶ΍ηΩϡϦςΟڧԽ • IP ΞυϨεͷ੍ݶ • ύεϫʔυอޢ • WAF ͷར༻

  24. CMS ͷӅṭ • CMS ΞϓϦέʔγϣϯ΁ͷΞΫηεΛ੍ݶ͢Δ • ϗετͷӅṭ • ϓϥΠϕʔτωοτϫʔΫʹઃஔͯ͠ VPN

    ܦ༝ͰΞΫηε • ެ։αʔό΁ͷίϯςϯπ഑৴Ҏ֎ΛڐՄ͠ͳ͍ • ֎෦΁ͷτϥϑΟοΫͷ؂ࢹ͕༰қʹ
 ౿Έ୆ʹͳΔϦεΫΛܰݮͰ͖Δ

  25. ެ։༻αʔό CMS VPN ͳͲͰΞΫηεΛ੍ݶɾ؅ཧ ഑৴ (Ұํ޲) ֎෦͔Βͷ௨৴͸ःஅ 010111………

  26. ެ։αʔόͷߏ੒ྫ • Apache • SSI ΍ htaccess ͸࢖͍͍ͨ • Amazon

    S3 • + CDN • + CDN + WAF + DDoS ରࡦ

  27. ެ։༻αʔόΛηΩϡΞʹ • ΞϓϦέʔγϣϯͷઃஔΛߦΘͳ͍ɺ΋͘͠͸੍ݶ͢Δ • PHP ͷར༻΍εΫϦϓτͷઃஔ͸ܧଓϝϯςφϯεͰ͖Δ͔Ͳ͏͔ • SSI ΍ .htaccess

    ΋࢖Θͳ͍ͳΒɺS3 ͷར༻΋ࢹ໺ʹೖΔ • ϑΥʔϜɺݕࡧͳͲ͸αʔϏεΛར༻͢Δ͜ͱΛߟ͑Δ • ಠࣗΞϓϦέʔγϣϯ͸αʔόΛ෼཭ͯ͠
 CORS ΍ ReverseProxy Ͱͷӡ༻΋ߟ͑Δ

  28. ެ։༻αʔό iframe Ͱ૊ΈࠐΈ

  29. ެ։༻αʔόΛηΩϡΞʹ • ΞϓϦέʔγϣϯͷઃஔΛߦΘͳ͍ɺ΋͘͠͸੍ݶ͢Δ • PHP ͷར༻΍εΫϦϓτͷઃஔ͸ܧଓϝϯςφϯεͰ͖Δ͔Ͳ͏͔ • SSI ΍ .htaccess

    ΋࢖Θͳ͍ͳΒɺS3 ͷར༻΋ࢹ໺ʹೖΔ • ϑΥʔϜɺݕࡧͳͲ͸αʔϏεΛར༻͢Δ͜ͱΛߟ͑Δ • ಠࣗΞϓϦέʔγϣϯ͸αʔόΛ෼཭ͯ͠
 CORS ΍ ReverseProxy Ͱͷӡ༻΋ߟ͑Δ

  30. ΑΓ஫ҙ͢Δ͜ͱ • ނো΍ࣄނʹඋ͑ͨ৑௕ߏ੒ • ೋॏԽ…ϗετɺωοτϫʔΫɺσʔληϯλ • γεςϜͷఆظతͳϝϯςφϯε • ϛυϧ΢ΣΞ΍ΞϓϦέʔγϣϯͷΞοϓσʔτɺઃఆͷ֬ೝ •

    ϩάͷ֬ೝ • ఆظతͳόοΫΞοϓ • όοΫΞοϓͷೖखੑɺੈ୅ • ϦετΞखॱͷ֬ೝ΍τϨʔχϯά

  31. ࣗ෼Ͱ΍Δͷ͕େมͩͱࢥͬͨΒ • ϚωʔδυαʔϏε΍ SaaS ͷ CMS Λར༻͢Δ • Movable Type

    Ϋϥ΢υ൛ • αʔό഑৴ػೳΛඪ४૷උ • MovableType.net • αʔϏεͱͯ͠ɺ͞·͟·ͳϦεΫʹ഑ྀͯ͠ӡӦ͍ͯ͠·͢

  32. ͝੩ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠