Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
徳丸本輪読会
Search
mcz9mm
August 06, 2017
0
77
徳丸本輪読会
第三回
mcz9mm
August 06, 2017
Tweet
Share
More Decks by mcz9mm
See All by mcz9mm
SwiftUI-List-Pagination
mcz9mm
2
2.2k
ARKit2.0でAppleが伝えたいアプリ体験を考える
mcz9mm
2
1.1k
ゆるく学ぶARKit
mcz9mm
3
1.4k
What’s TCP/UDP?
mcz9mm
0
100
NATサーバーの必要性
mcz9mm
0
89
What’s New in ARKit2.0
mcz9mm
0
88
徳丸本 ログインフォーム
mcz9mm
0
99
arkit+animoji
mcz9mm
0
65
徳丸本8
mcz9mm
0
110
Featured
See All Featured
Designing for humans not robots
tammielis
250
25k
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
7
660
Imperfection Machines: The Place of Print at Facebook
scottboms
267
13k
Building Better People: How to give real-time feedback that sticks.
wjessup
367
19k
The Invisible Side of Design
smashingmag
299
50k
A designer walks into a library…
pauljervisheath
205
24k
Stop Working from a Prison Cell
hatefulcrawdad
268
20k
Why You Should Never Use an ORM
jnunemaker
PRO
55
9.2k
The MySQL Ecosystem @ GitHub 2015
samlambert
250
12k
The Power of CSS Pseudo Elements
geoffreycrofte
75
5.5k
Improving Core Web Vitals using Speculation Rules API
sergeychernyshev
10
540
Dealing with People You Can't Stand - Big Design 2015
cassininazir
366
25k
Transcript
ಙؙձୈ̏ճ ຢདྷ ܆
Cookieग़ྗʹ·ͭΘΔ੬ऑੑ • େ͖͚͘Δͱ̎छྨͷ੬ऑੑ • CookieΛར༻͖͢Ͱͳ͍తͰ͍ͬͯΔ • Cookieͷग़ྗํ๏ʹ͕͋Δ IDΛอଘͩͧ σʔλͦͷͷΛอଘ͢Δͳ
ग़ྗ࣌ʹൃੜ͍͢͠੬ऑੑ • HTTPϔομɾΠϯδΣΫγϣϯ੬ऑੑ • CookieͷηΩϡΞଐੑෆඋ
ෆదͳར༻ • WEBϖʔδͰϖʔδΛ·͕ͨΔใΛอଘ͢Δํ๏ͱͯ͠ ɺηογϣϯཧػߏΛ༻͍ΒΕΔɻ͜ͷػߏͰηογϣ ϯIDͷΈΛCookieʹอଘ͠ɺσʔλࣗମwebαʔόͷϝϞ ϦϑΝΠϧɺDBͳͲʹอଘ͢Δɻ • ηογϣϯม֎෦͔Βॻ͖͑ΒΕͳ͍͕ɺCookieར ༻ऀ͔Βมߋ͕Ͱ͖ͯ͠·͏
CookieʹσʔλΛอଘ͠ͳ͍ํ͕ྑ͍ʂ • CookieͰ࣮ݱͰ͖ͯηογϣϯมͰ࣮ݱͰ͖ͳ͍͜ͱɺ ʮใͷण໋ͷ੍ޚʯͱʮҟͳΔαʔόʔͷใڞ༗ʯ • ͜ͷ̎Ҏ֎ηογϣϯมΛར༻͠Α͏ • CookieΛར༻͖͢λΠϛϯάɿ ɹɹɹɹɾϩάΠϯใΛอ࣋͢Δ ɹɹɹɹ
CookieͷηΩϡΞଐੑෆඋ Secureଐੑͱʁ http ͱ https ͱ֤௨৴Ͱ૬ޓͷߦ͖དྷ͕͋Δ߹ͳͲʹ https ͷ௨৴ͰͷΈ͏͖Cookieͷ͕ http ͷ௨৴ʹྲྀग़͢Δ͓ͦΕ͕͋Δɻ
ͦΕΛ͙ҝʹ Cookie ʹ secure ଐੑΛ͚ͯ https ௨৴ͰͷΈѻ͑ΔΑ͏ʹ͢Δͱ͍͏ରࡦ͕͋Δ
߈ܸख๏ ࣍ͷखॱͰฏจͷΫοΩʔ͕ωοτϫʔΫ্ʹྲྀΕΔɻ ·ͣɺHTTPSͰ͔ͭSecureଐੑͷ͔ͭͳ͍ΫοΩʔΛൃߦ͢ΔϖʔδΛӾཡ͠ɺϒϥβʔʹΫοΩʔ Ληοτ͢Δɻྫͱͯ͠URL https://www.example.jp/set_non_secure_cookie.php ͱ͢Δɻ ࣍ʹ᠘ϖʔδΛӾཡ͢Δɻ᠘ϖʔδʹԼهͷΑ͏ͳݟ͑ͳ͍imgλάʢ෯ͱߴ͕͞0ʣؚ͕·Ε͍ͯ Δɻ <img src="http://www.example.jp:443/trap/
width="0" height="0" /> URLͰࢦఆ͞Εͨϙʔτ൪߸443HTTPSͷσϑΥϧτϙʔτ͕ͩɺεΩʔϜ͕ʮhttp:ʯͱࢦఆ͞Ε͍ͯ ΔͷͰ͜ͷϦΫΤετ҉߸Խ͞Εͣʹૹ৴͞ΕΔɻϒϥβʹΫοΩʔΛૹ৴ͤ͞Δͷ͕తͳͷͰɺ URLͷը૾ͳͯ͘߈ཱܸ͢Δɻ ߈ܸऀ͕͜ͷ҉߸Խ͞Ε͍ͯͳ͍ΫοΩʔΛ౪ௌͰ͖Δ߹ɺηογϣϯϋΠδϟοΫʹѱ༻Ͱ͖Δɻ
ݪҼ ͷݪҼ୯ʹSecureଐੑΛ͚͍ͯͳ͍ͱ͍͏͚ͩͷ͜ ͱ͕ͩɺSecureଐੑΛ͚ͳ͍ओͳݪҼҎԼͷ2छྨ͕͋Δ ͱࢥΘΕΔɻ • ։ൃऀ͕Secureଐੑʹ͍ͭͯΒͳ͍ɻ • SecureଐੑΛ͚ΔͱΞϓϦέʔγϣϯ͕ಈ͔ͳ͘ͳΔɻ
ରࡦ ηογϣϯIDͷΫοΩʔʹSecureଐੑΛ͚Δ ΫοΩʔͷSecureଐੑෆඋͷରࡦΫοΩʔʹSecureଐੑΛ͚Δ͜ͱͰ ͋Δɻ PHPͰphp.iniʹҎԼͷઃఆΛ͢Δɻ session.cookie_secure = On Aapache Tomcatͷ߹ɺHTTPSଓ͞ΕͨϦΫΤετʹରͯ͠ɺηογϣ
ϯIDͷΫοΩʔʹࣗಈతʹSecureଐੑ͕ઃఆ͞ΕΔɻ
τʔΫϯΛར༻ͨ͠ରࡦ ηογϣϯIDΛอ࣋͢ΔΫοΩʔʹSecureଐੑ͕͚ΒΕͳ ͍߹ɺτʔΫϯΛར༻ͯ͠ηογϣϯϋΠδϟοΫΛࢭ͢ Δɻ τʔΫϯΛอ࣋͢ΔΫοΩʔʹSecureଐੑΛ͚Δ͜ͱʹ ΑͬͯɺHTTPϖʔδͱHTTPSϖʔδͰηογϣϯΛڞ༗ͭ͠ ͭɺԾʹηογϣϯIDΛ౪ௌ͞Εͨ߹ͰHTTPSϖʔδ ηογϣϯϋΠδϟοΫΛࢭͰ͖Δɻ
τʔΫϯ͕ͳͥྑ͍ͷ͔ʁ • τʔΫϯೝূޭ࣌ʹҰ͚ͩαʔόʔ͔Βग़ྗ͞ΕΔ • τʔΫϯHTTPSͷϖʔδͰੜ͞ΕΔ • τʔΫϯ࣮֬ʹ҉߸Խ͞Εͯϒϥβ͔Βૹ৴͞ΕΔ • HTTPSͷϖʔδΛӾཡ͢ΔʹτʔΫϯ͕ඞਢ͔ͩΒ αʔόʔͱϒϥβͷํͰ࣮֬ʹ҉߸Խ͞Εɺୈࡾऀ͕֬
࣮ʹΓಘͳ͍τʔΫϯ͕ඞཁʹͳΔ͔Βɺ҆શੑ͕֬อ͞ Ε͍ͯΔ
·ͱΊ • ݪଇͱͯ͠ηογϣϯIDͷΈʹ༻͍Δ͜ͱ • HTTPS௨৴Λ༻͍ΔΞϓϦέʔγϣϯͷCookieʹηΩϡ ΞଐੑΛ͚ͭΔ
END