Tokumaru book reading group (徳丸本輪読会), session 2: section 4.5
mcz9mm
July 30, 2017
Transcript
Vulnerabilities that creep into important processing (Tokumaru book reading group, MataraiKaoru)
Important processing • Credit card payments • Sending email • Transfers from a bank account • Changing a password or ID • etc.
Cross-site request forgery (CSRF): if the "confirmation" step is missing, there is a danger that important processing can be executed without the user's consent. Because the attack is limited to abusing important processing, it cannot steal the personal information of the affected user.
Where it occurs • Sites where session management is done with cookies alone • Sites where the user is identified solely by HTTP authentication, an SSL client certificate, or a mobile phone ID
Execution pattern • The user is logged in to the target site • The attacker prepares a trap • The victim views the trap • JavaScript in the trap sends a new password to the target site with the POST method
Comparison with XSS • Countermeasures must be built in at the design stage • Awareness of it is lower than for XSS
CSRF attacks against internal networks • Not only websites but also servers connected to an internal network can be attacked • Router and firewall configuration screens may have this vulnerability
Why the vulnerability arises: it exploits properties of the Web itself • The action attribute of a form element can point to a URL on any domain • The session ID stored in the cookie is sent to the target site automatically
Intended HTTP request:
POST /45/45-003.php HTTP/1.1
Referer: http://example.jp/45/45-002.php
~~~~~~~~~~~~
pwd=pass1
※ By looking at the Referer, you can tell which page the request came from.
HTTP request produced by a CSRF attack:
POST /45/45-003.php HTTP/1.1
Referer: http://trap.example.jp/45/45-900.php
~~~~~~~~~~~~
pwd=pass1
Countermeasure 1 • Identify the pages that need CSRF protection (flow diagram labels: Add to cart, Authentication, Confirm address, Confirm purchase, Any page, Edit personal information, Confirm information, Change)
Countermeasure 2 • Verify that the request is one the legitimate user intended • Verification methods: • Embedding a token • Re-entering the password • Checking the Referer
Embedding a token • If the request is made to require secret information that a third party cannot know, legitimate requests can be distinguished from forged ones.
Embedding:
<input type="hidden" name="token" value="<?php echo htmlspecialchars(session_id(), ENT_COMPAT, 'UTF-8'); ?>">
Verification:
if (session_id() !== ($_POST['token'] ?? '')) {
    // Error handling: reject the request
}
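The slide reuses the session ID as the token. The following is an added example (mine, not code from the slides or from the Tokumaru book) that applies the same embed-and-verify pattern with a dedicated random token kept in the session, so the secret written into the HTML is not the session ID itself. The function names, the $session and $post arrays standing in for $_SESSION and $_POST, and the three demo POST bodies are all assumptions constructed so the file runs from the command line.

```php
<?php
// Added example (not from the slides or the Tokumaru book): a dedicated CSRF token.
// $session stands in for $_SESSION and $post for $_POST so the file runs from the CLI.
declare(strict_types=1);

const CSRF_TOKEN_KEY = 'csrf_token';

/** Return this session's CSRF token, generating it on first use. */
function csrf_token(array &$session): string
{
    if (empty($session[CSRF_TOKEN_KEY])) {
        // 32 bytes from the CSPRNG: a third party cannot know or guess this value.
        $session[CSRF_TOKEN_KEY] = bin2hex(random_bytes(32));
    }
    return $session[CSRF_TOKEN_KEY];
}

/** Hidden field to embed in every form that triggers important processing. */
function csrf_hidden_field(array &$session): string
{
    $token = htmlspecialchars(csrf_token($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="token" value="' . $token . '">';
}

/** Verify the token sent back in the POST body before doing the important processing. */
function csrf_is_valid(array $session, array $post): bool
{
    if (empty($session[CSRF_TOKEN_KEY]) || !isset($post['token']) || !is_string($post['token'])) {
        return false; // a missing token is a rejection, never a pass-through
    }
    // hash_equals() runs in constant time, so timing does not leak the token.
    return hash_equals($session[CSRF_TOKEN_KEY], $post['token']);
}

// --- Constructed demo: one session, three POST bodies ---
$session = [];
echo csrf_hidden_field($session), PHP_EOL;   // what 45-002.php would render into its form

$requests = [
    'legitimate form post'           => ['pwd' => 'pass1', 'token' => $session[CSRF_TOKEN_KEY]],
    'forged post from a trap page'   => ['pwd' => 'pass1'],                       // trap cannot read the token
    'forged post with guessed token' => ['pwd' => 'pass1', 'token' => str_repeat('0', 64)],
];
foreach ($requests as $label => $post) {
    echo $label, ': ', csrf_is_valid($session, $post) ? 'accept' : 'reject', PHP_EOL;
}
```

In a real handler the token check runs first, and only the accepting branch continues to the password change; the token is regenerated after login so a token obtained before authentication is not carried into the authenticated session.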
Re-entering the password • Before a purchase or similar action, reconfirm the user's intent • Confirm that it really is the legitimate user, not someone else operating a shared PC. Doing this on pages other than the ones above makes the site very hard to use...
Checking the Referer
/* Branch processing by referrer */
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
// The pattern is anchored at both ends of the host so that only xxx.hoge.jp itself matches.
if (preg_match('#^https?://[a-zA-Z0-9-]+\.hoge\.jp(/|$)#', $referer)) {
    // Processing for access from an "xxx.hoge.jp" site.
} else {
    /* Processing for other access, including requests with no Referer at all */
}
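An added example (mine, not code from the slides) of a stricter form of the Referer check above: it parses the header with parse_url instead of matching a prefix regex, accepts only http(s) URLs whose host is hoge.jp or a subdomain of it, and treats a missing Referer as a failure, since browsers, proxies and privacy settings sometimes strip the header. The host hoge.jp comes from the slide's regex; the function name and the test URLs are constructed.

```php
<?php
// Added example (not from the slides): a Referer check that parses the header and
// fails closed when the header is absent. Inputs below are constructed test cases.
declare(strict_types=1);

/**
 * True only if $referer is an absolute http(s) URL whose host is $ownHost or a
 * subdomain of it. $ownHost ("hoge.jp") is taken from the slide's regex.
 */
function referer_is_own_site(?string $referer, string $ownHost): bool
{
    if ($referer === null || $referer === '') {
        // No Referer: refuse the important processing rather than let it through.
        return false;
    }
    $parts = parse_url($referer);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;
    }
    $host   = strtolower($parts['host']);
    $own    = strtolower($ownHost);
    $suffix = '.' . $own;
    // Exact host, or a label boundary followed by the own host ("www.hoge.jp", not "xhoge.jp").
    return $host === $own || substr($host, -strlen($suffix)) === $suffix;
}

// --- Constructed inputs (a request handler would read $_SERVER['HTTP_REFERER']) ---
$cases = [
    'http://www.hoge.jp/45/45-002.php'     => true,
    'https://hoge.jp/form'                 => true,
    ''                                     => false, // header absent or stripped
    'http://trap.example.jp/45/45-900.php' => false, // the slide's CSRF request
    'http://www.hoge.jp.trap.example.jp/'  => false, // lookalike host; a prefix-only regex accepts this
    'ftp://www.hoge.jp/'                   => false,
];
foreach ($cases as $referer => $expected) {
    $ok = referer_is_own_site($referer === '' ? null : $referer, 'hoge.jp');
    printf("%-40s -> %s%s\n",
        $referer === '' ? '(no Referer)' : $referer,
        $ok ? 'allow' : 'reject',
        $ok === $expected ? '' : '  UNEXPECTED');
}
```

Because the Referer can legitimately be missing, this check on its own will lock out some real users; the book's ordering of preference is the token, with the Referer check as a supplementary measure.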
Backup (insurance) countermeasure: send the affected user a notification email describing the processing that was performed
End