みんなで学ぶ＆考える『正しい』カスタマイズのちしき/20200221_kintonecafehirofuku-vol18

Transcript

1. にと 』 じ じ LJOUPOF $BGÉ ޿ౡ 7PM!෱ࢁ ͲΓ͌ !Q@SPDDB

2. 5PEBZ`T
   5PQJD
   JT
   BCPVU
    Ұൠతͳ8FCηΩϡϦςΟʹ͍ͭͯ  LJOUPOFͷηΩϡϦςΟʹ͍ͭͯ  LJOUPOFͷΧελϚΠζʹ͍ͭͯߟ͑Δ  +BWB4DSJQUͬͯͲΜͳ΋ͷʁ 

   ·ͱΊ Agenda

3. ͲΓ͌ʢ͍͚͕ΈΈͲΓʣ ΞʔϧεϦʔΠϯεςΟςϡʔτʢେࡕͷγεςϜ։ൃձࣾʣ &OHJOFFS
   ˠ
   $VTUPNFS4VDDFTT 
   .BSLFUJOH%JSFDUPS DMPVE
   VOJWFSTJUZ
   ೝఆτϨʔφʔ LJOUPOFΛڭ͑ΔઌੜͰ͢ ݩίεϓϨΤϯδχΞɻࠓͰ΋ίεϓϨ͸গʑɻ ίϛϡχςΟ׆ಈͳͲ l LJOUPOF

   $BGÉ ˠ ӡӦࣄ຿ہ l LJOUPOF $BGÉ
   +"1"/
   ˠ ʙ·Ͱ࣮ߦҕһ l ͦͷଞLJOUPOFҎ֎ͷίϛϡχςΟʹ΋ίϛοτத About me

4. CBTJD
   XFCTJUF
   TFDVSJUZ Security

5. What s Cyber Attack lίϯϐϡʔλʔγεςϜʹ৵ೖ͠ ѱҙͷ͋ΔߦҝΛ͓͜ͳ͏͜ͱz

6. Ϣʔβʔ͕8FCϖʔδʹ ΞΫηε͢Δ͜ͱͰෆਖ਼ͳ εΫϦϓτ͕࣮ߦ͞ΕΔ੬ ऑੑɾ߈ܸख๏ 8FCΞϓϦͷϢʔβʔࣗ ਎Ͱҙਤ͍ͯ͠ͳ͍ॲཧ͕ ࣮ߦ͞Εͯ͠·͏੬ऑੑɾ ߈ܸख๏ 02 XSS

   CSRF 01 ෆਖ਼ೖखͨ͠ΞΧ΢ϯτϦ ετΛݩʹ8FCαΠτʹ ෆਖ਼ϩάΠϯ͢Δ߈ܸ Password Attack 04 DoS Attack ߈ܸର৅ͷαΠτͳͲʹେ ྔʹσʔλΛૹ৴ͯ͠αʔ ϏεΛμ΢ϯͤ͞Δ߈ܸ 03

7. kintone s Security )PX
   BCPVU
   LJOUPOF`T 4FDVSJUZ

8. ࣮͸͔ͳΓݎ࿚ʹ࡞ΒΕ͍ͯΔDZCP[VDPN Ϋϥ΢υαʔϏεΛ҆શʹ࢖͏ͨΊʹॏཁͳͭͷରࡦ • LJOUPOFͷηΩϡϦςΟʹDZCP[VDPNͷηΩϡϦςΟ • Ϋϥ΢υαʔϏεʺ੬ऑ • ԼखʹϨϯλϧαʔόʔͳͲΛआΓΔΑΓ҆શ • ਖ਼͘͠࢖͍ͬͯΕ͹جຊతʹ͸໰୊͸ى͜Βͳ͍

   ͦ͏ɺਖ਼͘͠࢖͍ͬͯΕ͹ɻ THE Security of Cybozu

9. kintone CUSTOMIZE

10. LJOUPOFΛ ศརʹ࢖͍͜ͳ͍ͨ͠ͳ ͱࢥͬͨ࣌ What ｓ the situation of kintone Customize

    Extension LJOUPOFͷجຊػೳͰ ͜ΕͰ͖ͳ͍ͳ ͱࢥͬͨ࣌ Limitation

11. Think about that again *T
    UIBU
    BCTPMVUFMZ
    OFDFTTBSZ ͦΕ͸ຊ౰ʹඞཁʁ

12. ໨ʹݟ͑Δίετ͕͔͔ Βͳ͍ͷͰΈΜͳ͜Εʹ ૸Γ͕ͪɻ࣮͸ݟ͑ͳ͍ ίετ͕͔͔͍ͬͯΔ WRITE CODE )JavaScript HOW TO CUSTOMIZE

    for kintone ίετ͔͔Δ͔Βܟԕ͞ Ε͕͚ͪͩͲ৴པੑ͸ؒ ҧ͍ͳ͍ɻͪΌΜͱͨ͠ ͱ͜ΖΛબఆ͢Ε͹ Ҏ ԼSZ ORDER TO DEVELOPER ༗ঈɾແঈ͍Ζ͍Ζ ͪΌΜͱͨ͠ͱ͜ΖΛબ ఆ͢Ε͹ ͓ͦΒ͘ ؒҧ ͍ͳ͍ɻ΀Β͙ҕһձϝ ϯόʔͱ͔ USE PLUGINS

13. に に JavaScript

14. A Problem Occurred Α͘Θ͔Βͳ͍··αϯϓ ϧίʔυΛࣸܦɻॻ͍ͯ͋ Δҙຯ͸ͪΌΜͱཧղͯ͠ Δʁ Copy Sample Code

    ಈ͔ͳ͍ཧ༝Λࣗ෼Ͱ͙͞ Εɻࢼߦࡨޡ͠Ζɻσόο άͬͯ஌ͬͯΔʁ Not Work Τϥʔग़ͨɻΑ͘Θ͔Βͳ ͍͔Β์ஔʂ+BWB4DSJQU֎ ͢ʂͬͯਓ͸ͦ΋ͦ΋ࣗ෼ ͰίʔυΛॻ͘ͳ Error I don t Care

15. The meaning why Using JavaScript ίʔσΟϯάΨΠυϥΠ ϯͬͯݟͨ͜ͱ͋Δʁ LJOUPOFʹ΋ͪΌΜͱ͋ ΔΑɻ஌Βͳ͍ਓ͸ EFW/FUͰݕࡧʂ

    ͍΍ͦ΋ͦ΋+BWBͰ΋ +"7"Ͱ΋ͳ͍͔Βɻͦ Εҧ͏ݴޠɻ+BWB4DSJQU આ໌ͯ͠Έͯʁ 01 03 ͪΌΜͱνϡʔτϦΞϧ ΍͔ͬͯΒΧελϚΠζ ͯ͠Δʁ"1*υΩϡϝϯ τͪΌΜͱಡΜͰΔʁ࢓ ༷΍੍໿ॻ͍ͯ͋ΔΑ ͦΜͳʹ؆୯ͩͱࢥͬͯ Δʁಉظॲཧͱ͔ඇಉظ ॲཧͱ͔γϯάϧεϨο υͱ͔ίʔϧόοΫͱ͔ 02 04

16. ·ͣ͸LJOUPOFͷجຊػೳͰͷ࣮ݱՄ൱Λߟ͑Δɻ Ͱ͖ͳ͔ͬͨ৔߹ʹ͸ΧελϚΠζΛݕ౼ɻ ແܭըʹ΍Βͳ͍ɻ΍Έ͘΋ʹ΍Βͳ͍ɻ ΍ΔͱܾΊͨΒࢮ͵ؾͰ΍ΕɻͦΕ͘Β͍͠ͳ͍ ͱεΩϧ͸਎ʹ͔ͭͳ͍ɻ৘ใ࿙͍͑͸ίʔυॻ ͘ਓͷεΩϧʹ͔͔ͬͯΔɻ 01 thinking 02 NO

    biginning blindly 03 Work like hell

17. $3&%*54
    5IJT
    QSFTFOUBUJPO
    UFNQMBUF
    XBT
    DSFBUFE
    CZ
    4MJEFTHP
    JODMVEJOH
    JDPOT
    CZ
    'MBUJDPO
    BOE
    JOGPHSBQIJDT
    
    JNBHFT
    CZ
    'SFFQJL
    1MFBTF
    LFFQ
    UIJT
    TMJEF
    GPS
    BUUSJCVUJPO THANKS %P
    ZPV
    IBWF
    BOZ
    RVFTUJPOT 5XJUUFS
    ˠ !Q@SPDDB 'BDFCPPL
    ˠ
    Q$"

    ͲΓ͌ XXXLJOUPOFDBGFDPN