Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
徳丸本輪読会
Search
mcz9mm
July 30, 2017
0
71
徳丸本輪読会
第二回4.5
mcz9mm
July 30, 2017
Tweet
Share
More Decks by mcz9mm
See All by mcz9mm
SwiftUI-List-Pagination
mcz9mm
2
2.3k
ARKit2.0でAppleが伝えたいアプリ体験を考える
mcz9mm
2
1.1k
ゆるく学ぶARKit
mcz9mm
3
1.5k
What’s TCP/UDP?
mcz9mm
0
100
NATサーバーの必要性
mcz9mm
0
96
What’s New in ARKit2.0
mcz9mm
0
97
徳丸本 ログインフォーム
mcz9mm
0
100
arkit+animoji
mcz9mm
0
67
徳丸本8
mcz9mm
0
120
Featured
See All Featured
The Cost Of JavaScript in 2023
addyosmani
49
8.1k
Building Applications with DynamoDB
mza
95
6.4k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
231
53k
Building Better People: How to give real-time feedback that sticks.
wjessup
368
19k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
5
620
Rails Girls Zürich Keynote
gr2m
94
13k
BBQ
matthewcrist
88
9.7k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
331
21k
A designer walks into a library…
pauljervisheath
205
24k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
248
1.3M
Done Done
chrislema
184
16k
Balancing Empowerment & Direction
lara
1
89
Transcript
ॏཁͳॲཧͷࡍʹࠞೖ͢Δ੬ऑੑ ಙؙձ MataraiKaoru
ॏཁͳॲཧ • ΫϨΧͷܾࡁ • ϝʔϧͷૹ৴ • ޱ࠲͔Βͷૹۚ • ύεϫʔυIDͷมߋ •
etc..
ΫϩεαΠτɾϦΫΤετϑΥʔδΣϦ CSRF ʮ֬ೝʯॲཧ͕ൈ͚͍ͯΔ͚ͩͰউखʹ࣮ߦ͞ ͤΒΕΔةݥੑ͕͋Δ ॏཁͳॲཧͷѱ༻ʹݶΔͷͰඃʹ͋ͬͨར༻ ऀͷݸਓใ౪Ή͜ͱͰ͖ͳ͍
ൃੜՕॴ • CookieͷΈͰηογϣϯཧ͕ߦΘΕ͍ͯΔα Πτ • HTTPೝূɺSSLΫϥΠΞϯτূ໌ॻɺܞଳి ͷIDͷΈͰར༻ऀͷࣝผ͕ߦΘΕ͍ͯΔαΠτ
࣮ߦύλʔϯ • ར༻ऀ͕ରͷαΠτʹϩάΠϯ͍ͯ͠Δ • ߈ܸऀ͕᠘Λ༻ҙ͢Δ • ඃऀ͕᠘ΛӾཡ͢Δ • ᠘ͷJSʹΑΓαΠτʹର͠ɺ৽͍͠ύεϫʔ υ͕POSTϝιουͰૹ৴͞Ε͍ͯΔ
XSSͱͷൺֱ • ઃܭஈ֊ͰରࡦΛΓࠐΉඞཁ͕͋Δ • ೝ͕XSSʹൺ͍ͯ
෦ωοτϫʔΫʹର͢ΔCSRD߈ܸ • WebαΠτ͚ͩͰͳ͘෦ωοτϫʔΫʹ ଓ͞Εͨαʔόʔ߈ܸՄೳ • ϧʔλʔϑΝΠΞʔΥʔϧͷઃఆը໘ ੬ऑੑͷՄೳੑ͕
੬ऑੑ͕ੜ·ΕΔݪҼ Webͷੑ࣭Λར༻ͨ͠ͷ • fromཁૉͷactionଐੑʹͲͷυϝΠϯURL ͰࢦఆͰ͖Δ • Cookieʹอ͞ΕͨηογϣϯIDɺରα Πτʹࣗಈతʹૹ৴͞ΕΔ
ҙਤͨ͠HTTPϦΫΤετ POST /45/45-003.php HTTP/1.1 Referer: http://example.jp/45/45-002.php ~~~~~~~~~~~~ pwd=pass1 ※ϦϑΝϥΛࢀর͢Δ͜ͱͰɺͲ͔͜Βͦͷϖʔδʹཁٻ͕དྷͨͷ͔ΛΔ ͜ͱ͕Ͱ͖Δ
CSRF߈ܸʹΑΔHTTPϦΫΤετ POST /45/45-003.php HTTP/1.1 Referer: http://trap.example.jp/45/45-900.php ~~~~~~~~~~~~ pwd=pass1
ରࡦͦͷ̍ • CSRFରࡦʹඞཁͳϖʔδΛѲ͢Δ ΧʔτʹՃ ೝূ ॅॴ֬ೝ ߪೖ֬ೝ ҙͷϖʔδ ݸਓใฤू
ใ֬ೝ มߋ
ରࡦͦͷ̎ • ਖ਼نར༻ऀͷҙਤͨ͠ϦΫΤετͰ͋Δ͜ͱΛ ֬ೝ͢Δ • ֬ೝํ๏ • τʔΫϯͷຒΊࠐΈ • ύεϫʔυ࠶ೖྗ
• RefererͷνΣοΫ
τʔΫϯͷຒΊࠐΈ • ୈࡾऀ͕Γಘͳ͍ൿີใΛཁٻ͢ΔΑ͏ʹ͢ΕผՄೳ ຒΊࠐΈɿ <input type=“hidden” name=“token” value”<?php echo htmlspecialchars(session_id(),
ENT_COMPAT, ‘UTF-8’); ?>”> ֬ೝɿ if (session_id() !== $_POST[‘token’]) { //Error Handle }
ύεϫʔυͷ࠶ೖྗ • ͷߪೖͳͲʹઌཱͬͯɺར༻ऀͷҙࢥΛ ೦ԡͯ֬͠͠ೝ͢Δ • ڞ༗PCͰଞਓ͕ૢ࡞͍ͯ͠ΔΘ͚Ͱͳ͘ɺ ຊʹਖ਼نͷར༻ऀͰ͋Δ͜ͱΛ֬ೝ͢Δ ্هҎ֎ͷϖʔδঢ়گͰߦ͏ͱඇৗʹ͍ʹ͍͘αΠτʹɾɾɾ
RefererͷνΣοΫ /* ࢀরݩʹΑͬͯৼΓ͚ॲཧ */ $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] :
null; if (preg_match("|^https?://[a-zA-Z0-9-]+\.hoge\.jp|", $referer)) { // "xxx.hoge.jp" αΠτ͔ΒͷΞΫηε࣌ͷॲཧɻ } else { /* ΞΫηε࣌ͷॲཧ */ }
อݥతͳରࡦ ରͷར༻ऀʹରͯ͠ॲཧ༰ͷ௨ϝʔϧͷ ૹ৴
End