Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
徳丸本輪読会
Search
mcz9mm
July 30, 2017
0
65
徳丸本輪読会
第二回4.5
mcz9mm
July 30, 2017
Tweet
Share
More Decks by mcz9mm
See All by mcz9mm
SwiftUI-List-Pagination
mcz9mm
2
1.9k
ARKit2.0でAppleが伝えたいアプリ体験を考える
mcz9mm
2
890
ゆるく学ぶARKit
mcz9mm
3
1.3k
What’s TCP/UDP?
mcz9mm
0
79
NATサーバーの必要性
mcz9mm
0
79
What’s New in ARKit2.0
mcz9mm
0
71
徳丸本 ログインフォーム
mcz9mm
0
87
arkit+animoji
mcz9mm
0
63
徳丸本8
mcz9mm
0
110
Featured
See All Featured
Stop Working from a Prison Cell
hatefulcrawdad
266
19k
How To Stay Up To Date on Web Technology
chriscoyier
782
250k
Statistics for Hackers
jakevdp
789
220k
What's new in Ruby 2.0
geeforr
337
31k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
227
16k
Music & Morning Musume
bryan
41
5.6k
For a Future-Friendly Web
brad_frost
172
9k
The Cost Of JavaScript in 2023
addyosmani
16
3.9k
What's in a price? How to price your products and services
michaelherold
237
11k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
274
13k
Learning to Love Humans: Emotional Interface Design
aarron
267
39k
The Invisible Customer
myddelton
114
12k
Transcript
ॏཁͳॲཧͷࡍʹࠞೖ͢Δ੬ऑੑ ಙؙձ MataraiKaoru
ॏཁͳॲཧ • ΫϨΧͷܾࡁ • ϝʔϧͷૹ৴ • ޱ࠲͔Βͷૹۚ • ύεϫʔυIDͷมߋ •
etc..
ΫϩεαΠτɾϦΫΤετϑΥʔδΣϦ CSRF ʮ֬ೝʯॲཧ͕ൈ͚͍ͯΔ͚ͩͰউखʹ࣮ߦ͞ ͤΒΕΔةݥੑ͕͋Δ ॏཁͳॲཧͷѱ༻ʹݶΔͷͰඃʹ͋ͬͨར༻ ऀͷݸਓใ౪Ή͜ͱͰ͖ͳ͍
ൃੜՕॴ • CookieͷΈͰηογϣϯཧ͕ߦΘΕ͍ͯΔα Πτ • HTTPೝূɺSSLΫϥΠΞϯτূ໌ॻɺܞଳి ͷIDͷΈͰར༻ऀͷࣝผ͕ߦΘΕ͍ͯΔαΠτ
࣮ߦύλʔϯ • ར༻ऀ͕ରͷαΠτʹϩάΠϯ͍ͯ͠Δ • ߈ܸऀ͕᠘Λ༻ҙ͢Δ • ඃऀ͕᠘ΛӾཡ͢Δ • ᠘ͷJSʹΑΓαΠτʹର͠ɺ৽͍͠ύεϫʔ υ͕POSTϝιουͰૹ৴͞Ε͍ͯΔ
XSSͱͷൺֱ • ઃܭஈ֊ͰରࡦΛΓࠐΉඞཁ͕͋Δ • ೝ͕XSSʹൺ͍ͯ
෦ωοτϫʔΫʹର͢ΔCSRD߈ܸ • WebαΠτ͚ͩͰͳ͘෦ωοτϫʔΫʹ ଓ͞Εͨαʔόʔ߈ܸՄೳ • ϧʔλʔϑΝΠΞʔΥʔϧͷઃఆը໘ ੬ऑੑͷՄೳੑ͕
੬ऑੑ͕ੜ·ΕΔݪҼ Webͷੑ࣭Λར༻ͨ͠ͷ • fromཁૉͷactionଐੑʹͲͷυϝΠϯURL ͰࢦఆͰ͖Δ • Cookieʹอ͞ΕͨηογϣϯIDɺରα Πτʹࣗಈతʹૹ৴͞ΕΔ
ҙਤͨ͠HTTPϦΫΤετ POST /45/45-003.php HTTP/1.1 Referer: http://example.jp/45/45-002.php ~~~~~~~~~~~~ pwd=pass1 ※ϦϑΝϥΛࢀর͢Δ͜ͱͰɺͲ͔͜Βͦͷϖʔδʹཁٻ͕དྷͨͷ͔ΛΔ ͜ͱ͕Ͱ͖Δ
CSRF߈ܸʹΑΔHTTPϦΫΤετ POST /45/45-003.php HTTP/1.1 Referer: http://trap.example.jp/45/45-900.php ~~~~~~~~~~~~ pwd=pass1
ରࡦͦͷ̍ • CSRFରࡦʹඞཁͳϖʔδΛѲ͢Δ ΧʔτʹՃ ೝূ ॅॴ֬ೝ ߪೖ֬ೝ ҙͷϖʔδ ݸਓใฤू
ใ֬ೝ มߋ
ରࡦͦͷ̎ • ਖ਼نར༻ऀͷҙਤͨ͠ϦΫΤετͰ͋Δ͜ͱΛ ֬ೝ͢Δ • ֬ೝํ๏ • τʔΫϯͷຒΊࠐΈ • ύεϫʔυ࠶ೖྗ
• RefererͷνΣοΫ
τʔΫϯͷຒΊࠐΈ • ୈࡾऀ͕Γಘͳ͍ൿີใΛཁٻ͢ΔΑ͏ʹ͢ΕผՄೳ ຒΊࠐΈɿ <input type=“hidden” name=“token” value”<?php echo htmlspecialchars(session_id(),
ENT_COMPAT, ‘UTF-8’); ?>”> ֬ೝɿ if (session_id() !== $_POST[‘token’]) { //Error Handle }
ύεϫʔυͷ࠶ೖྗ • ͷߪೖͳͲʹઌཱͬͯɺར༻ऀͷҙࢥΛ ೦ԡͯ֬͠͠ೝ͢Δ • ڞ༗PCͰଞਓ͕ૢ࡞͍ͯ͠ΔΘ͚Ͱͳ͘ɺ ຊʹਖ਼نͷར༻ऀͰ͋Δ͜ͱΛ֬ೝ͢Δ ্هҎ֎ͷϖʔδঢ়گͰߦ͏ͱඇৗʹ͍ʹ͍͘αΠτʹɾɾɾ
RefererͷνΣοΫ /* ࢀরݩʹΑͬͯৼΓ͚ॲཧ */ $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] :
null; if (preg_match("|^https?://[a-zA-Z0-9-]+\.hoge\.jp|", $referer)) { // "xxx.hoge.jp" αΠτ͔ΒͷΞΫηε࣌ͷॲཧɻ } else { /* ΞΫηε࣌ͷॲཧ */ }
อݥతͳରࡦ ରͷར༻ऀʹରͯ͠ॲཧ༰ͷ௨ϝʔϧͷ ૹ৴
End