Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
徳丸本輪読会
Search
mcz9mm
August 06, 2017
0
72
徳丸本輪読会
第三回
mcz9mm
August 06, 2017
Tweet
Share
More Decks by mcz9mm
See All by mcz9mm
SwiftUI-List-Pagination
mcz9mm
2
2.1k
ARKit2.0でAppleが伝えたいアプリ体験を考える
mcz9mm
2
1k
ゆるく学ぶARKit
mcz9mm
3
1.4k
What’s TCP/UDP?
mcz9mm
0
98
NATサーバーの必要性
mcz9mm
0
84
What’s New in ARKit2.0
mcz9mm
0
78
徳丸本 ログインフォーム
mcz9mm
0
97
arkit+animoji
mcz9mm
0
63
徳丸本8
mcz9mm
0
110
Featured
See All Featured
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
4
290
Become a Pro
speakerdeck
PRO
24
5k
Producing Creativity
orderedlist
PRO
341
39k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
27
4.2k
GraphQLとの向き合い方2022年版
quramy
43
13k
GraphQLの誤解/rethinking-graphql
sonatard
66
9.9k
Learning to Love Humans: Emotional Interface Design
aarron
272
40k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
504
140k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
126
18k
Fashionably flexible responsive web design (full day workshop)
malarkey
404
65k
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
27
790
Stop Working from a Prison Cell
hatefulcrawdad
267
20k
Transcript
ಙؙձୈ̏ճ ຢདྷ ܆
Cookieग़ྗʹ·ͭΘΔ੬ऑੑ • େ͖͚͘Δͱ̎छྨͷ੬ऑੑ • CookieΛར༻͖͢Ͱͳ͍తͰ͍ͬͯΔ • Cookieͷग़ྗํ๏ʹ͕͋Δ IDΛอଘͩͧ σʔλͦͷͷΛอଘ͢Δͳ
ग़ྗ࣌ʹൃੜ͍͢͠੬ऑੑ • HTTPϔομɾΠϯδΣΫγϣϯ੬ऑੑ • CookieͷηΩϡΞଐੑෆඋ
ෆదͳར༻ • WEBϖʔδͰϖʔδΛ·͕ͨΔใΛอଘ͢Δํ๏ͱͯ͠ ɺηογϣϯཧػߏΛ༻͍ΒΕΔɻ͜ͷػߏͰηογϣ ϯIDͷΈΛCookieʹอଘ͠ɺσʔλࣗମwebαʔόͷϝϞ ϦϑΝΠϧɺDBͳͲʹอଘ͢Δɻ • ηογϣϯม֎෦͔Βॻ͖͑ΒΕͳ͍͕ɺCookieར ༻ऀ͔Βมߋ͕Ͱ͖ͯ͠·͏
CookieʹσʔλΛอଘ͠ͳ͍ํ͕ྑ͍ʂ • CookieͰ࣮ݱͰ͖ͯηογϣϯมͰ࣮ݱͰ͖ͳ͍͜ͱɺ ʮใͷण໋ͷ੍ޚʯͱʮҟͳΔαʔόʔͷใڞ༗ʯ • ͜ͷ̎Ҏ֎ηογϣϯมΛར༻͠Α͏ • CookieΛར༻͖͢λΠϛϯάɿ ɹɹɹɹɾϩάΠϯใΛอ࣋͢Δ ɹɹɹɹ
CookieͷηΩϡΞଐੑෆඋ Secureଐੑͱʁ http ͱ https ͱ֤௨৴Ͱ૬ޓͷߦ͖དྷ͕͋Δ߹ͳͲʹ https ͷ௨৴ͰͷΈ͏͖Cookieͷ͕ http ͷ௨৴ʹྲྀग़͢Δ͓ͦΕ͕͋Δɻ
ͦΕΛ͙ҝʹ Cookie ʹ secure ଐੑΛ͚ͯ https ௨৴ͰͷΈѻ͑ΔΑ͏ʹ͢Δͱ͍͏ରࡦ͕͋Δ
߈ܸख๏ ࣍ͷखॱͰฏจͷΫοΩʔ͕ωοτϫʔΫ্ʹྲྀΕΔɻ ·ͣɺHTTPSͰ͔ͭSecureଐੑͷ͔ͭͳ͍ΫοΩʔΛൃߦ͢ΔϖʔδΛӾཡ͠ɺϒϥβʔʹΫοΩʔ Ληοτ͢Δɻྫͱͯ͠URL https://www.example.jp/set_non_secure_cookie.php ͱ͢Δɻ ࣍ʹ᠘ϖʔδΛӾཡ͢Δɻ᠘ϖʔδʹԼهͷΑ͏ͳݟ͑ͳ͍imgλάʢ෯ͱߴ͕͞0ʣؚ͕·Ε͍ͯ Δɻ <img src="http://www.example.jp:443/trap/
width="0" height="0" /> URLͰࢦఆ͞Εͨϙʔτ൪߸443HTTPSͷσϑΥϧτϙʔτ͕ͩɺεΩʔϜ͕ʮhttp:ʯͱࢦఆ͞Ε͍ͯ ΔͷͰ͜ͷϦΫΤετ҉߸Խ͞Εͣʹૹ৴͞ΕΔɻϒϥβʹΫοΩʔΛૹ৴ͤ͞Δͷ͕తͳͷͰɺ URLͷը૾ͳͯ͘߈ཱܸ͢Δɻ ߈ܸऀ͕͜ͷ҉߸Խ͞Ε͍ͯͳ͍ΫοΩʔΛ౪ௌͰ͖Δ߹ɺηογϣϯϋΠδϟοΫʹѱ༻Ͱ͖Δɻ
ݪҼ ͷݪҼ୯ʹSecureଐੑΛ͚͍ͯͳ͍ͱ͍͏͚ͩͷ͜ ͱ͕ͩɺSecureଐੑΛ͚ͳ͍ओͳݪҼҎԼͷ2छྨ͕͋Δ ͱࢥΘΕΔɻ • ։ൃऀ͕Secureଐੑʹ͍ͭͯΒͳ͍ɻ • SecureଐੑΛ͚ΔͱΞϓϦέʔγϣϯ͕ಈ͔ͳ͘ͳΔɻ
ରࡦ ηογϣϯIDͷΫοΩʔʹSecureଐੑΛ͚Δ ΫοΩʔͷSecureଐੑෆඋͷରࡦΫοΩʔʹSecureଐੑΛ͚Δ͜ͱͰ ͋Δɻ PHPͰphp.iniʹҎԼͷઃఆΛ͢Δɻ session.cookie_secure = On Aapache Tomcatͷ߹ɺHTTPSଓ͞ΕͨϦΫΤετʹରͯ͠ɺηογϣ
ϯIDͷΫοΩʔʹࣗಈతʹSecureଐੑ͕ઃఆ͞ΕΔɻ
τʔΫϯΛར༻ͨ͠ରࡦ ηογϣϯIDΛอ࣋͢ΔΫοΩʔʹSecureଐੑ͕͚ΒΕͳ ͍߹ɺτʔΫϯΛར༻ͯ͠ηογϣϯϋΠδϟοΫΛࢭ͢ Δɻ τʔΫϯΛอ࣋͢ΔΫοΩʔʹSecureଐੑΛ͚Δ͜ͱʹ ΑͬͯɺHTTPϖʔδͱHTTPSϖʔδͰηογϣϯΛڞ༗ͭ͠ ͭɺԾʹηογϣϯIDΛ౪ௌ͞Εͨ߹ͰHTTPSϖʔδ ηογϣϯϋΠδϟοΫΛࢭͰ͖Δɻ
τʔΫϯ͕ͳͥྑ͍ͷ͔ʁ • τʔΫϯೝূޭ࣌ʹҰ͚ͩαʔόʔ͔Βग़ྗ͞ΕΔ • τʔΫϯHTTPSͷϖʔδͰੜ͞ΕΔ • τʔΫϯ࣮֬ʹ҉߸Խ͞Εͯϒϥβ͔Βૹ৴͞ΕΔ • HTTPSͷϖʔδΛӾཡ͢ΔʹτʔΫϯ͕ඞਢ͔ͩΒ αʔόʔͱϒϥβͷํͰ࣮֬ʹ҉߸Խ͞Εɺୈࡾऀ͕֬
࣮ʹΓಘͳ͍τʔΫϯ͕ඞཁʹͳΔ͔Βɺ҆શੑ͕֬อ͞ Ε͍ͯΔ
·ͱΊ • ݪଇͱͯ͠ηογϣϯIDͷΈʹ༻͍Δ͜ͱ • HTTPS௨৴Λ༻͍ΔΞϓϦέʔγϣϯͷCookieʹηΩϡ ΞଐੑΛ͚ͭΔ
END