Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Minimum knowledge for secure web payment

Yutaro Sugai
July 22, 2014
Technology
1
990

Minimum knowledge for secure web payment

安全なウェブ決済のために
最低限知っておいてほしいこと
WebPay meetup #1 2014/07/22

Yutaro Sugai

July 22, 2014
Tweet

More Decks by Yutaro Sugai

See All by Yutaro Sugai
devlove-kansai-sre-scrum
hokkai7go
0
9.8k
sre-lounge8
hokkai7go
6
5.9k
88_techbookfest5_in_omotesandorb
hokkai7go
1
65
Career Keynote at LDD '18 in Muroran
hokkai7go
1
450
What has been realized to improve maintainability at "Eight".
hokkai7go
0
790
Serverless and tough access management
hokkai7go
1
1.2k
"1st try and team productivity"
hokkai7go
1
280
Technology to support Eight, Infrastructure part
hokkai7go
0
540
AWS and Serverless and Monitoring
hokkai7go
1
2k

Other Decks in Technology

See All in Technology
SRE を実践するためのプラットフォームの作り方と技術マネジメント / Building a Platform for SRE
irotoris
0
380
事業や組織の変化に柔軟に適応するIVRyのプロダクト開発チーム運営 / IVRy's Product Development
yrhorita
1
190
監視とオブザーバビリティ 〜 悩む前に確認しておくべきこと / 20230926-ssmjp-monitoring-and-observability
opelab
9
1.3k
如何在 Elasticsearch 實現敏捷的資料建模與管理 @ DevOpsDays Taipei 2023
unclejoe
0
180
Customer-Centricity Unleashed: Transforming Businesses with LINE Tech
linedevth
1
150
Goのとある未定義動作 golang.tokyo #33
izzii
0
100
Oracle Cloud Infrastructure データベース・クラウド:各バージョンのサポート期間
oracle4engineer
PRO
6
4.2k
Amazon FSx for NetApp ONTAPを 利用するときに気をつけることn選 〜移行プロセスを添えて〜 #devio2023
non97
0
150
Case Studies: Modern Development Practices In Highly Regulated Environments
charity
2
1.1k
ChatGPTを前に頭が真っ白を乗り越え人が答えることが困難な認知負荷MAXなタフクエスチョンをどんどん回答させてプロダクト価値を爆速探求するぞ/cognitive_load_question_and_chatgpt
moriyuya
2
350
self-hosted runnerと actions/cache の噛み合わせが悪かった件 #githubactionsmeetup
whywaita
PRO
1
500
スタートアップのためのアジャイルプラクティス -論文100本ノック- #xpjug / Agile Practice for Startup - Papers -
kyonmm
PRO
0
430

Featured

See All Featured
XXLCSS - How to scale CSS and keep your sanity
sugarenia
239
1.2M
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
11
880
Clear Off the Table
cherdarchuk
81
300k
Mobile First: as difficult as doing things right
swwweet
214
8.2k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
26
5.5k
Building Your Own Lightsaber
phodgson
97
5.2k
Become a Pro
speakerdeck
PRO
8
3.5k
Testing 201, or: Great Expectations
jmmastey
26
6k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
33
8.6k
Design by the Numbers
sachag
272
18k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
351
28k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
184
15k

Transcript

  1. ҆શͳ΢ΣϒܾࡁͷͨΊʹ
    ࠷௿ݶ஌͓͍ͬͯͯ΄͍͜͠ͱ
    Yutaro Sugai
    @hokkai7go

    View Slide

  2. ϖΠʂ
    (ָ͠ΜͰ·͔͢)

    View Slide

  3. ҆શͳ΢ΣϒܾࡁͷͨΊʹ
    ࠷௿ݶ஌͓͍ͬͯͯ΄͍͜͠ͱ
    Yutaro Sugai
    @hokkai7go

    View Slide

  4. @hokkai7go
    !
    WebPay
    ɾαʔό܈ͷӡ༻
    ɾPCIDSSͳͲηΩϡϦςΟج४΁ͷ४ڌ
    !
    ݸਓ
    ɾ֤छRubyܥΧϯϑΝϨϯεͷϨϙʔτ൝
    ɾΔͼ·ฤू
    ɾChef࣮ફೖ໳ॻ͖·ͨ͠

    View Slide

  5. PCIDSS஌ͬͯ·͔͢ʁ

    View Slide

  6. PCIDSSͱ͸
    ΫϨδοτΧʔυ৘ใ࿙Ӯ๷ࢭͷ
    ͨΊͷࠃࡍηΩϡϦςΟج४
    ΫϨδοτΧʔυ৘ใΛऔΓѻ͏
    શͯͷࣄۀऀ΍αʔϏεϓϩόΠ
    μ͸ɺ͜ͷඪ४ʹ४ڌ͢Δඞཁ͕
    ͋Γ·͢ɻ(േଇͳ͠)

    View Slide

  7. PCIDSSͱ͸
    ܾࡁࣄۀऀ͚ͩͰͳ͘
    AWSͳͲͷαʔϏεϓϩόΠμ͕
    ४ڌ͢Δྫ͕૿͍͑ͯΔ

    View Slide

  8. Χʔυ൪߸࿙Ӯͷ
    ࡾେϦεΫϙΠϯτ

    View Slide

  9. ॲཧ ఻ૹ อଘ

    View Slide

  10. 4242#4242#4242#4242
    ఻ૹ

    View Slide

  11. 4242#4242#4242#4242
    ఻ૹ

    View Slide

  12. 4242#4242#4242#4242
    ఻ૹɾॲཧ

    View Slide

  13. 4242#4242#4242#4242
    อଘ

    View Slide

  14. ఻ૹ

    View Slide

  15. PCIDSS͸
    ఻ૹ࣌҉߸ԽΛཁٻ

    View Slide

  16. ”ΦʔϓϯͳެڞωοτϫʔΫܦ༝Ͱػີ
    ੑͷߴ͍ΧʔυձһσʔλΛ఻ૹ͢Δ৔
    ߹ɺҎԼͷΑ͏ͳɺڧྗͳ҉߸ԽͱηΩϡ
    ϦςΟϓϩτίϧʢSSL/TLSɺIPSECɺ
    SSHͳͲʣΛ࢖༻ͯ͠อޢ͢Δɻ”
    - PCIDSS ཁ݅ͱηΩϡϦςΟධՁखॱόʔδϣϯ3.0 ΑΓൈਮ

    View Slide

  17. ҉߸ԽͤͣʹΧʔυ൪߸
    ͷ఻ૹ͍ͯ͠·ͤΜ͔ʁ

    View Slide

  18. ੜͷΧʔυ൪߸ΛαʔόͰ
    ड͚ͱΓͨ͘ͳ͍Ͱ͢ΑͶ

    View Slide

  19. Έͳ͞Μ͕Χʔυ൪߸Λۃྗѻ
    Θͳ͍͍ͯ͘Α͏ʹɺτʔΫϯ
    ܾࡁͷ࢓૊ΈΛ༻ҙ͍ͯ͠·͢

    View Slide

  20. ɾΫϥΠΞϯταΠυτʔΫϯ
    ɾαʔόαΠυτʔΫϯ

    View Slide

  21. ΫϥΠΞϯταΠυτʔΫϯͷར఺
    ʮॲཧʯʮ఻ૹʯʮอଘʯͷ
    ͢΂ͯΛճආ͢Δ͜ͱ͕Ͱ͖·͢

    View Slide

  22. https://webpay.jp/docs/payments_with_token

    View Slide

  23. ΫϥΠΞϯταΠυτʔΫϯΛ࢖Θͳ͍
    ɾʮॲཧʯʮ఻ૹʯΛආ͚ΒΕͳ͍
    ɾੜͷΧʔυ൪߸Λѻ͏ϦεΫ
    ɹɾܦ࿏্ͷϩάʹΧʔυ൪߸࢒͍ͬͯ·ͤΜ͔ʁ
    ɹɾʮॲཧʯޙͷϝϞϦ͸҆શͰ͔͢ʁ

    View Slide

  24. ʮॲཧʯʮ఻ૹʯΛߦ͏͜ͱ͸ϦεΫͰ͢ɻ
    ΫϥΠΞϯταΠυτʔΫϯΛར༻ͯ͠
    ආ͚Δ͜ͱΛ͓͢͢Ί͠·͢ɻ

    View Slide

  25. ҆શͳ΢ΣϒܾࡁͷͨΊʹ
    ɾSSLͷ࢖༻(αΠτؙ͝ͱ or ࠷௿Ͱ΋ܾࡁϖʔδ)
    ɾద੾ͳΤϥʔϋϯυϦϯά
    ɾෆཁͳΧʔυ৘ใͷഁغ

    View Slide