実践! Webセキュリティ

Transcript

1.  খٱอ ཯थ R’PAKA
   ΞϧύΧɾδϟύϯ ࣮ફʂ8FCηΩϡϦςΟ

2. ຊฤ ŋŋŋ  Ø8&#ηΩϡϦςΟͷॏཁੑ ŋŋŋ  Ø߈ܸʹΑΔඃ֐ͷࣄྫŋŋŋ  Ø߈ܸͱͦͷରࡦŋŋŋ 

   Ø42-ΠϯδΣΫγϣϯŋŋŋ  Ø944
   ŋŋŋ  Ø$43'
   ŋŋŋ  ØଟྔϦΫΤετŋŋŋ  Ø·ͱΊŋŋŋ   ໨࣍ ໨࣍ ŋŋŋ  ෇࿥ ŋŋŋ  Ø8&#ηΩϡϦςΟͷॏཁੑ ŋŋŋ  Ø߈ܸʹΑΔඃ֐ͷࣄྫ ŋŋŋ  Ø8&#ϑϨʔϜϫʔΫͷར༻ ŋŋŋ  Ø߈ܸͱͦͷରࡦ ŋŋŋ  ØϒϧʔτϑΥʔεΞλοΫ ŋŋŋ  Ø42-ΠϯδΣΫγϣϯ ŋŋŋ  Ø944
   ŋŋŋ  Ø$43'
   ŋŋŋ  ØଟྔϦΫΤετ ŋŋŋ  ØαʔόΫϥΠΞϯτͷূ໌ ŋŋŋ  Ø44-
   ŋŋŋ  ØΫϥΠΞϯτূ໌ॻ ŋŋŋ  Ø·ͱΊ ŋŋŋ  ࢀߟจݙ ŋŋŋ 

3. 8&#ηΩϡϦςΟͷॏཁੑ 

4. 8FCηΩϡϦςΟͷॏཁੑ  8&#αʔϏε ˠ Πϯλʔωοτʹ઀ଓ ੈքதͷ୭Ͱ΋Կ࣌Ͱ΋઀ଓՄೳ ੈքதͷ୭Ͱ΋Կ࣌Ͱ΋߈ܸՄೳ ਤ

5. ৺ߏ͑  શͯͷϢʔβ͸ ѱҙͷ͋ΔϢʔβ Ͱ͋Δ ͱߟ͑Δ ͲͷΑ͏ͳαʔϏεͰ΋ ਤ

6. 8FCηΩϡϦςΟͷॏཁੑ  ̍ ઀ଓ୺຤ͷ૿Ճ ̏ݸਓ৘ใอޢ΁ͷؔ৺ͷߴ·Γ ̎ 8&#αʔϏεͷ૿Ճ 8&#ηΩϡϦςΟͷॏཁੑ͕ߴ·͍ͬͯΔ ਤ

7. ߈ܸʹΑΔඃ֐ͷࣄྫ 

8. ޷؝0PI
   0PPPPPPʂ զ䜤ྃ  
   ɾ೔هɾίϝϯτ݅ ෆਖ਼ϩάΠϯ 2018-02-28 19:13:10 Debug: Auth: [SUCCESS]

   Username: W*Z***Huang ҰൠϢʔβ Client IP: 123.**.*.* 2018-02-28 19:13:10 Debug: Auth: [SUCCESS] Username: W*Z***Huang ҰൠϢʔβ Client IP: 123.**.*.* 2018-02-28 19:13:10 Debug: Auth: [SUCCESS] Username: r****2**1 ؅ཧऀϢʔβ Client IP: 123.**.*.* ෩ͷڧ͍Ұ೔ ࠓ೔͸ಛผʹ෩͕ڧ͔ͬͨؾŋŋŋ 
   ɾ೔هɾίϝϯτ݅ य़ٳΈͷ௥Ճߨٛ ࢼݧ͸ऴΘ͕ͬͨࠓ೔͸େֶŋŋŋ 
   ɾ೔هɾίϝϯτ݅  ਤ

9. ෆਖ਼ͳॻ͖ࠐΈ  ෩ͷڧ͍Ұ೔ ࠓ೔͸ಛผʹ෩͕ڧ͔ͬͨؾŋŋŋ 
   ɾ೔هɾίϝϯτ݅ 
   ίϝϯτ ϝοηʔδɿ զ䜤ྃ  ɻ

   ྃղ य़ٳΈͷ௥Ճߨٛ ࢼݧ͸ऴΘ͕ͬͨࠓ೔͸େֶŋŋŋ 
   ɾ೔هɾίϝϯτ݅ 
   ίϝϯτ ޷؝޷؝޷؝޷؝޷؝޷؝޷ ؝޷؝޷؝޷؝޷؝޷؝޷؝ ޷؝޷؝޷؝޷؝޷؝޷؝޷ ؝޷؝޷؝޷؝޷؝޷؝޷؝ ޷؝޷؝޷؝޷؝޷؝޷؝޷ ؝޷؝޷؝޷؝޷؝޷؝޷؝ ޷؝޷؝޷؝޷؝޷؝޷؝޷ ŋŋŋ ਤ

10. ߈ܸͱͦͷରࡦ 

11. 42-ΠϯδΣΫγϣϯ  $sql = "SELECT * FROM UserTable WHERE Password=‘"

    . $password . "‘;"; $password = "nNggiftdBR" $sql = "SELECT * FROM UserTable WHERE Password=‘nNggiftdBR’;" $password = "' OR '1' = '1"; $sql = "SELECT * FROM UserTable WHERE Password='' OR '1' = '1';"; Α͋͘Δྫ ਖ਼͍͠ೖྗ ѱҙͷ͋Δೖྗ ਤ

12. SELECT * FROM UserTable WHERE Password= ; ϓϦϖΞʔυεςʔτϝϯτ  $stmt

    = $dbh->prepare("SELECT * FROM UserTable WHERE Password=?;"); $stmt->bindParam(1, $password); ϓϦϖΞʔυεςʔτϝϯτͷར༻ $password ϓϦϖΞʔυεςʔτϝϯτ ϓϨʔεϗϧμ όΠϯυ ஋ͱͯ͠ૠೖ ਤ

13. 944  <h1> OohOoooooo
    </h1> ಺༰ ίϝϯτΛ࢒͢ ૹ৴ <script> console.log(' :-)');

    </script>  य़ٳΈͷ௥Ճߨٛ ࢼݧ͸ऴΘ͕ͬͨࠓ೔͸େֶŋŋŋ 
    ɾ೔هɾίϝϯτ݅ 
    ίϝϯτ ςετίϝϯτ 
    ίϝϯτ ޷؝0PI0PPPPPPʂ 
    ίϝϯτ <div> <div>  </div> <div> <h1> OohOoooooo
    </h1> </div> <div> <script> console.log(‘...’); </script> </div> </div> ਤ

14. Τεέʔϓ 
    ෆඞཁλάͷ࡟আ   Ϣʔβ͔Βͷೖྗ ಺༰ ίϝϯτΛ࢒͢ ૹ৴ ϖʔδ΁ͷग़ྗ தؒอ؅σʔλ

    %#ͳͲ 
    ίϝϯτ ςετίϝϯτ ద੾ͳॲཧ จࣈྻͱͯ͠ѻ͏΂͖ ˠΤεέʔϓ )5.-ͱͯ͠ѻ͏΂͖ ˠෆඞཁλάͷ࡟আ ਤ

15. Τεέʔϓ 
    ෆඞཁλάͷ࡟আ   ςΩετ )5.-  BNQ  MU

     HU l RVPU ˜ DPQZ Τεέʔϓ ग़ྗ &lt;a&gt;
    &lt;/a&gt;&lt;b&gt; &lt;/b&gt; λά Մ൱ B º C ʓ TDSJQU º I º EJW ʓ ෆඞཁλάͷ࡟আ Ϣʔβ͔Βͷೖྗ ग़ྗ <a>
    </a><b></b>
    <b></b> Ϣʔβ͔Βͷೖྗ <a>
    </a><b></b> ਤ

16. Τεέʔϓ 
    ෆඞཁλάͷ࡟আ   Τεέʔϓ htmlspecialchars($comment->content, ENT_QUOTES); <div class="comment comment__text">{{

    $comment->content }}</div> <div class="comment comment__text">{!! $comment->content !!}</div> strip_tags($comment->content, '<b><div>'); ෆඞཁλά࡟আ ਤ

17. $43'  ඃ߈ܸαʔό ߈ܸαʔό ϖʔδ഑৴ ϦΫΤετૹ৴ ʢϑΥʔϜͷ಺༰ͳͲʣ ෆਖ਼ϦΫΤετ ૹ৴ ϖʔδ഑৴

    ߈ܸαʔόͷϖʔδ ʢѱҙͷ͋ΔεΫϦϓτຒΊࠐΈʣ ඃ߈ܸαʔόͷϖʔδ ඃ߈ܸϢʔβ ࣗαʔό഑৴ϖʔδҎ֎ͷϦΫΤετ͸ڋ൱͠ͳ͚Ε͹ͳΒͳ͍ ਤ

18. $43'τʔΫϯ   ඃ߈ܸαʔό ߈ܸαʔό ϖʔδ഑৴ ϖʔδ഑৴ ߈ܸαʔόͷϖʔδ ʢѱҙͷ͋ΔεΫϦϓτຒΊࠐΈʣ ඃ߈ܸαʔόͷϖʔδ

    ඃ߈ܸϢʔβ τʔΫϯ τʔΫϯ
    ϦΫΤετ τʔΫϯແ͠ ෆਖ਼ϦΫΤετ τʔΫϯ ݕূ ਤ

19. $43'τʔΫϯ   <form action="/comment/post" method="post"> <input type="hidden" name="_token" value="O4d7cen95mWDr0tlBLe1dha6MoTp64BrlS5xThTX”

    > <input type="text" name="comment[name]"> <input type="text" name="comment[title]"> <textarea name="comment[content]"></textarea> <button type="submit">
    </button> </form> ਤ

20. $43'τʔΫϯ   ਤ

21. $43'τʔΫϯ   <?php $TOKEN_LENGTH = 16; $tokenByte = openssl_random_pseudo_bytes($TOKEN_LENGTH);

    $token = bin2hex($tokenByte); $_SESSION['_token'] = $token; ?> <input type='hidden' name='_token' value='{!! $token !!}'> <?php if ($_POST['_token'] === $_SESSION['_token']) { ਖ਼ৗॲཧ } else { $43'߈ܸൃੜ } ?> $_POST['_token'] τʔΫϯ $_SESSION['_token'] ਤ

22. $43'τʔΫϯ   <form method="POST" action="/comment/post"> @csrf ... </form> <form

    method="POST" action="/comment/post"> {{csrf_field()}} ... </form> VerifyCsrfToken ϛυϧ΢ΣΞ͕ॲཧͷ౓ʹ$43'τʔΫϯʹؔ͢ΔॲཧΛ࣮ߦ ਤ

23. 
    ίŋŋŋ ޷؝޷؝޷؝ ଟྔϦΫΤετ  य़ٳΈͷ௥Ճߨٛ ࢼݧ͸ऴΘ͕ͬͨࠓ೔͸େֶŋŋŋ 
    ɾ೔هɾίϝϯτ݅ 
    ίϝϯτ ޷؝޷؝޷؝޷؝޷؝޷؝޷ ؝޷؝޷؝޷؝޷؝޷؝޷؝

    ޷؝޷؝޷؝޷؝޷؝޷؝޷ ؝޷؝޷؝޷؝޷؝޷؝޷؝ ޷؝޷؝޷؝޷؝޷؝޷؝޷ ؝޷؝޷؝޷؝޷؝޷؝޷؝ ޷؝޷؝޷؝޷؝޷؝޷؝޷ ŋŋŋ य़ٳΈͷ௥Ճߨٛ ࢼݧ͸ऴΘ͕ͬͨࠓ೔͸େֶŋŋŋ 
    ɾ೔هɾίϝϯτŋŋŋ 
    ίϝϯτ ޷؝޷؝޷؝ ŋŋŋ 
    ίϝϯτ ޷؝޷؝޷؝ ਤ

24. $"15$)"  # 0 5 ൑ ผ ಺༰ ίϝϯτΛ࢒͢ ૹ৴

    ൑ผςετ ਤ

25. (PPHMF
    SF$"15$)"
    W  # 0 5 ൑ ผ ಺༰ ίϝϯτΛ࢒͢ ૹ৴

    ΞΫηεཤྺ ୺຤ૢ࡞ཤྺ ൑ผςετ ਤ

26. (PPHMF
    SF$"15$)"
      ਤ

27. (PPHMF
    SF$"15$)"
     <script src=‘https://www.google.com/recaptcha/api.js?hl=ja’> </script> <form> ... <div class="g-recaptcha" data-sitekey="

    ... "></div> ... </form> $recaptchaResponse = $_POST['g-recaptcha-response']; $secretKey = " ... "; $response = file_get_contents(” https://www.google.com/recaptcha/api/siteverify ?secret={$secretKey}&response={$recaptchaResponse} "); $responseKeys = json_decode($response, true); if (intval($responseKeys["success"]) !== 1) { ೝূࣦഊ } else { ೝূ੒ޭ }  data-sitekey ͱ secretKey ͸ (PPHMFͷαΠτ্ͰൃߦͰ͖Δ ਤ

28. ·ͱΊ 

29. ·ͱΊ   ࠓճࣔͨ͠ରࡦΛࣔͨ͠߈ܸ͸ͲΕ΋ Α͋͘Δ੬ऑੑ ΋ͬͱߴ౓ͳ੬ऑੑ΋͋Δ͕ ·ͣ͸Α͋͘Δ੬ऑੑ͔Βରॲ͢΂͖ ͔͠͠ରࡦ͠ͳ͍ͱŋŋŋ ਂࠁͳඃ֐͕ൃੜ

30. ҙ֎ͱରԠͰ͖ͯͳ͍Ͱ͢  42-ΠϯδΣΫγϣϯ ݅ͷใࠂ 944 ݅ͷใࠂ $43' ݅ͷใࠂ ೥ใࠂ෼ ਤ

31. Α͋͘Δ੬ऑੑͰ΋ରࡦ͸࣮֬ʹ  ೥ͷιχʔͷେن໛৘ใྲྀग़΋ 42-ΠϯδΣΫγϣϯ͕ݪҼͰ͢ ਤ

32. ·ͱΊ   ࠓճࣔͨ͠ରࡦ͸ͲΕ΋ ແྉ ͔ͭ ؆୯ Α͋͘Δ߈ܸख๏͸࣮֬ʹ๷͗·͠ΐ͏ʂ

33. ෇࿥ 

34. 8&#ηΩϡϦςΟͷॏཁੑ 

35. ৘ใγεςϜͷதʹ͸ݸਓ৘ใ౳ͷॏཁͳ৘ใΛอ࣋͠ɼར༻͢Δ΋ͷ΋͋Γ ͦ͏͍ͬͨγεςϜʹ͓͍ͯ͸ɼ৘ใͷอޢͷͨΊʹηΩϡϦςΟରࡦ͕ॏཁͰ ͋ΔɽͱΓΘ͚ɼৗ࣌Πϯλʔωοτͱ͍͏୭Ͱ΋ར༻ՄೳͳωοτϫʔΫʹ઀ ଓ͞Ε͍ͯΔ4/4΍ϗʔϜϖʔδͱݴͬͨ8FCαʔϏε͸ৗʹੈքத͔Β߈ܸ Λड͚ΔϦεΫΛ๊͓͑ͯΓɼ8FCαʔϏεͷηΩϡϦςΟରࡦɼ8FCηΩϡ ϦςΟ͕ॏཁͰ͋Δɽ ਤ
    ͲͷΑ͏ͳαʔϏεʹ͓͍ͯ΋શͯͷϢʔβ͕ѱҙ ͷ͋ΔϢʔβͰ͋Δͱߟ͑ɼϢʔβͷೖྗΛҰ੾৴པͤͣʹରࡦΛߨ͡Δ΂͖Ͱ ͋Δɽ

    ਤ
    ࣮ࡍɼࣗ෼͕؅ཧ͍ͯ͠ΔαʔόͰӡ༻͍ͯ͠Δछछͷ8FCΞϓϦ έʔγϣϯʹରͯ͠΋සൟʹ߈ܸ͕ߦΘΕ͓ͯΓɼதʹ͸৘ใྲྀग़΍ϖʔδվ᜵ ͱݴͬͨඃ֐ʹܨ͕ͬͨ෺΋͋Γɼ8FCηΩϡϦςΟͷॏཁੑΛײͨ͡ɽ ಛʹۙ೥8FCηΩϡϦςΟ͕஫໨͞Ε͍ͯΔɽͦΕ͸ҎԼͷཧ༝ʹΑΔ෺ͱߟ ͑ΒΕΔɽ ਤ  Πϯλʔωοτʹ઀ଓ͞ΕΔ୺຤ͷ૿Ճ r Πϯλʔωοτීٴ཰ͷ૿Ճɼ৘ ใ୺຤ͷར༻ͷ֦େɼిࢠԽɼ*P5   ʹ൐͏8FCαʔϏεͷ૿Ճ  ݸਓ৘ใ΁ͷؔ৺ͷߴ·Γ r ("'"΁ͷ՝੫ӡಈɼ'BDFCPPLͷ৘ใྲྀग़ɼ ԤभͰͷݸਓ৘ใอޢͷڧԽ ຊϨϙʔτͰ͸ࣗ෼͕࣮ࡍʹӡ༻͍ͯ͠Δ8FCΞϓϦέʔγϣϯʹରͯ͠աڈ ʹߦΘΕͨ߈ܸͱͦΕʹରͯ͠ߦͬͨରࡦΛ·ͱΊΔ͜ͱʹΑͬͯ8FCηΩϡϦ ςΟʹ͍ͭͯͷཧղΛਂΊΔɽ 8FCηΩϡϦςΟͷॏཁੑ 

36. ߈ܸʹΑΔඃ֐ͷࣄྫ 

37. ߈ܸʹΑΔඃ֐ͷࣄྫ ࣗ෼ͷϗʔϜϖʔδʹ͸ࣗ࡞ͷϢʔβΞΧ΢ϯτೝূ͕͋ΓɼϢʔβʹ͸ʮҰ ൠϢʔβʯʮ؅ཧऀϢʔβʯͷ۠ผ͕͋Δɽʮ؅ཧऀϢʔβʯͷΈ͕؅ཧ༻ϖʔ δʹΞΫηε͠ɼϒϩάهࣄͷ௥Ճ͕ߦ͑ΔΑ͏ʹͳ͍ͬͯΔɽ͋Δ೔αʔό؅ ཧΛ͍ͯ͠ΔͱϩάʹਤࠨͷΑ͏ͳॻ͖ࠐΈ͕͋ͬͨɽ ͙͢ʹϗʔϜϖʔδΛ֬ೝͨ͠ͱ͜Ζɼਤӈʹࣔ͢Α͏ͳݟ֮͑ͷͳ͍هࣄ ͕௥Ճ͞Ε͍ͯͨɽ·ͨɼະެ։ঢ়ଶͷهࣄ͕ӾཡͰ͖ͨՄೳੑ͕͋Δɽ͙͢ʹ ϩάΠϯػೳΛແޮԽ͠ɼରࡦΛݕ౼ͨ͠ɽ ϩά͔Β෼͔ͬͨͷ͸࣍ͷ఺Ͱ͋Δɽ 

    ୹͍࣌ؒʹେྔͷϩάΠϯࢼߦ͕ߦΘΕ͍ͯΔ͜ͱ 
    ϒϧʔτϑΥʔεΞλοΫ  ϩά͕࢒͍ͬͯΔͷͰɼਖ਼نͷϩάΠϯॲཧΛܦͯ؅ཧऀΞΧ΢ϯτʹΑΔ ਖ਼ৗϩάΠϯͰ͋Δͱೝࣝ͞Εͨ͜ͱ 
    %#ͷ৘ใͱͷর߹΁ͷ߈ܸͷՄೳੑɼೝূର৅ૢ࡞ͷݕূෆ଍  ࣗ෼ͷϗʔϜϖʔδʹ͸ࣗ࡞ͷϒϩάػೳ͕͋Γɼϒϩάهࣄʹରͯ͠͸ίϝ ϯτ͕ߦ͑ΔΑ͏ʹͳ͍ͬͯΔɽ͋Δ೔ɼϒϩάهࣄͷίϝϯτ݅਺͕૿͍͑ͯ ͨͷͰ֬ೝͨ͠ͱ͜ΖɼͦͷϖʔδΛ։͘ͱਤࠨʹࣔ͢Α͏ͳઃఆ֮ͨ͑͠ͷ ͳ͍μΠΞϩά͕දࣔ͞Εͨɽ·ͨɼผͷϒϩάهࣄΛ։͘ͱਤӈʹࣔ͢Α͏ ͳඇৗʹ௕͍ίϝϯτ͕ॻ͖ࠐ·Ε͓ͯΓɼϖʔδͷಡΈࠐΈ͕ඇৗʹॏ͘ͳͬ ͍ͯͨɽ 
    944ɼϑΥʔϜͷݕূෆ଍

38. 8FCϑϨʔϜϫʔΫ ͷར༻ 

39. 8FCϑϨʔϜϫʔΫͷར༻  )551ϦΫΤετ )551ϦΫΤετ 63* ΫΤϦ ΫοΩʔ ϝιου FUDʜ )551Ϩεϙϯε

    )551Ϩεϙϯε ಠࣗॲཧ ϑϨʔϜϫʔΫ ͕ఏڙ ։ൃऀ͕ ֦ு ਤ

40. 8FCϑϨʔϜϫʔΫͷར༻  ├── app │ ├── Http │ │ ├──

    Controllers │ │ │ ├── Controller.php ├── config │ ├── app.php │ ├── auth.php │ ├── database.php ├── database │ ├── migrations ├── resources ├── routes ├── storage ├── vendor class Comment extends Model { ... } DPNNFOUT JE UZQF DPOUFOU VOSFBE  OPSNBM 5&45 'BMTF ਤ

41. 8FCϑϨʔϜϫʔΫͷར༻  ਤ

42. 8FCϑϨʔϜϫʔΫͷར༻  ϑϨʔϜϫʔΫ ਤ

43. 8FCϑϨʔϜϫʔΫͷར༻  8FCΞϓϦέʔγϣϯΛ࡞੒͢Δ্Ͱɼ)551ϦΫΤετΛड͚)551Ϩε ϙϯεΛฦ͢ͳͲɼඞͣඞཁͳॲཧ͸ଟ͋͘Δɽ͜ΕΒΛಠࣗʹ࣮૷͢Δͱ੬ ऑੑ͕ฆΕࠐΉཁҼʹ΋ͳΓɼ·ͨ࿑ྗ͕͔͔Δɽ8FCΞϓϦέʔγϣϯͱ ͯ͠ඞͣඞཁͳॲཧΛ࡞੒͠ఏڙ͢Δ͜ͱʹΑͬͯ͜͏͍ͬͨ໰୊ΛղফͰ͖ Δͷ͕8FCϑϨʔϜϫʔΫͰ͋Δɽ<> ਤ
    8FCΞϓϦέʔγϣϯͱͯ͠ͷ ॲཧΛମܥཱͯͯ࿮૊Έʹ͠ɼϢʔβ͸ͦͷ࿮૊ΈʹैͬͯͦΕͧΕͷ8FC

    ΞϓϦέʔγϣϯͱͯ͠ඞཁͳࠩ෼ͷΈΛʮ֦ுʯ͢ΔࣄʹΑͬͯ8FCΞϓ Ϧέʔγϣϯͷ࡞੒͕Ͱ͖Δɽ 8FCϑϨʔϜϫʔΫ͸ձࣾ΍༗ࢤͷίϛϡχςΟͱ͍ͬͨ૊৫ʹΑͬͯ࡞ ੒͞Ε͍ͯΔɽଟ͘ͷਓ͕࡞੒ʹܞΘΓ࢖͍΍͢͞΍੬ऑੑͷݕূͳͲΛߦͬ ͍ͯΔͨΊಠࣗʹ8FCΞϓϦέʔγϣϯΛ࣮૷͢ΔΑΓ΋൚༻ੑ͕ߴ҆͘શ ͳ8FCΞϓϦέʔγϣϯʹͳΓ΍͍͢ͱߟ͑ΒΕΔɽ·ͨ͋Δ࿮૊ΈʹԊͬ ͨϓϩάϥϜʹͳΔͨΊɼϑΝΠϧͷஔ͖ํ΍ϓϩάϥϜͷ࡞Γํɼ໋໊ͳͲ ͷϧʔϧʹ੍໿͕ൃੜ͢Δ ਤ
    ͕͜Ε͸ෳ਺ਓͰͷ։ൃʹద͍ͯ͠ΔɽԿͷ ࿮૊Έ΋ͳ͍৔߹ͦΕͧΕͰಠࣗʹϧʔϧΛઃఆͯ͠ϓϩάϥϜΛ࡞੒͢Δͨ ΊҰ؏ੑ͕ແ͘ͳΓɼ͋Δਓ͕࡞੒ͨ͠ϓϩάϥϜΛଞͷਓ͕ཧղ͠ʹ͘͘ͳ Δɽ ਤ
    ͋Δ͍͸ϑΝΠϧͷஔ͖৔ॴ͕ཚࡶʹͳΔͱߦͬͨ໰୊͕ߟ͑ΒΕ ΔɽϑϨʔϜϫʔΫʹΑΓఏڙ͞ΕΔܾ·ͬͨϧʔϧʹै͑͹͜͏͍ͬͨ໰୊ ͸ղফ͞ΕΔɽ ਤ

44. 8FCϑϨʔϜϫʔΫͷར༻  8FCϑϨʔϜϫʔΫ͸8FCΞϓϦέʔγϣϯͱͯ͠ඞཁͳॲཧΛؚΜͰ͍ ΔͨΊɼಛʹ͋ΒΏΔػೳΛ಺ଂ͢ΔʮϑϧελοΫϑϨʔϜϫʔΫʯͰ͸ઌ ʹڍ͛ͨ944ɼ42-ΠϯδΣΫγϣϯͱ͍ͬͨ߈ܸʹ؆୯ʹରԠͰ͖ΔΑ͏ ʹ࡞੒͞Ε͍ͯΔɽࠓճ͸ࢲͷϗʔϜϖʔδͰ༻͍͍ͯΔQIQͷ8FCϑϨʔ ϜϫʔΫʮ-BSBWFMʯΛҰྫʹઌʹڍ͛ͨ߈ܸʹର͢Δରࡦͱͯ͠ར༻Ͱ͖Δ ػೳΛ঺հ͍ͯ͠Δɽ

45. ߈ܸͱͦͷରࡦ 

46. ϒϧʔτϑΥʔεΞλοΫ  Ϣʔβ*% ύεϫʔυ ϩάΠϯ ϩάΠϯ aaaa aaab aaac aaad

    ŋŋŋ pswd abcd password 1234 ŋŋŋ ࣙॻॱ ύεϫʔυ Ϧετ ϒϧʔτϑΥʔεʢྗͮ͘ʣͳํ๏ɿՄೳੑͷ͋ΔೝূࢠΛશͯࢼ͢ ೝূʹԿͷ੍ݶ΋ͳ͍৔߹ɿ࣌ؒΛֻ͚Ε͹ඞͣಥഁՄೳ ਤ

47. ϒϧʔτϑΥʔεΞλοΫ r ରࡦ  nNggiftdBR WeNkVLgWKpHCavtHwsBP H3bk4JL3iQ dd]+6%Y6W4 ௕͘͢Δ ར༻͢ΔจࣈछΛ૿΍͢

    ೝূࢠ    Ұఆ࣌ؒ ୯७ͳೝূ੍ݶŋŋŋͱ͍ͬͯ΋༷ʑ ࢼߦճ਺ ࢼߦִؒ ೝূࢠͷ޻෉ શϢʔβʹద༻͢Δඞཁ͋Γɿརศੑ΋ߟ͑ͯۛຯ͢Δඞཁ͋Γ ਤ

48. ϒϧʔτϑΥʔεΞλοΫ  ʮϒϧʔτϑΥʔεʯ͸ʮྗͮ͘ʯͱ͍͏ҙຯͰ͋Δɽ<> ϒϧʔτϑΥʔεΞλοΫ͸୯७ʹՄೳੑͷ͋ΔೝূࢠʢύεϫʔυʣΛ༻ ͍ͯ૯౰ͨΓͰೝূΛࢼΈΔ߈ܸख๏Ͱ͋Δɽ ਤ
    Մೳੑͷ͋Δೝূࢠͷ બͼํ͸ࣙॻॱ΍Α͘࢖ΘΕΔ΋ͷΛ༏ઌతʹબͿͳͲ༷ʑͰ͋ΔɽԿ΋ରࡦ Λ͠ͳ͍৔߹ɼ࣌ؒΛֻ͚Ε͹࣮֬ʹಥഁͰ͖Δɽܭࢉػͷੑೳ޲্ʹ൐͍ɼ ೝূಥഁ·Ͱͷ࣌ؒ͸୹͘ͳ͓ͬͯΓɼରࡦ͸ඞਢͰ͋Δͱݴ͑Δɽ

    ϒϧʔτϑΥʔεΞλοΫ͸ೝূࢠͷ૊Έ߹ΘͤΛଟ͘͠ɼ૯౰ͨΓʹ͔͔ Δ࣌ؒΛ௕ͨ͘͠Γɼೝূࢼߦճ਺Λ੍ݶͨ͠Γ͢ΔࣄʹΑͬͯରࡦ͕ՄೳͰ ͋Δɽ<> ೝূࢠΛ௕͘͢Δ͜ͱ͸༗ޮͰ͋Δɽ ਤ
    ྫ͑͹จࣈͷେখ͍ͣΕ͔ ͷӳࣈ͚ͩͰ͋Ε͹.)[ͷ$16Ͱ෼ʙ࣌ؒͰղಡՄೳͰ͋Δ͕ɼ จࣈͷେখӳ਺ࣈ ه߸Ͱ͋Ε͹εʔύʔίϯϐϡʔλͰ΋೔͔͔Δͱ͞ ΕΔɽ<> ͨͩɼۙ೥৘ใྲྀग़ͳͲʹΑΓଞͷαʔϏε͔Βͷ৘ใྲྀग़ʹΑΓಛఆͷ Ϣʔβͷύεϫʔυ͕ྲྀग़͢Δ͜ͱ͕͋Δɽͦ͏͍ͬͨύεϫʔυͷϦετ ʢύεϫʔυϦετʣΛ༻͍ͨϒϧʔτϑΥʔεΞλοΫͰ͸্هରࡦ͚ͩͰ ͸ෆे෼Ͱ͋ΔՄೳੑ͕͋Δɽ΍͸ΓɼೝূࢠΛ௕͘͢Δ͜ͱʹՃ͑ɼೝূͷ ࢼߦʹ੍ݶΛՃ͑Δͱݴͬͨରࡦ͕ඞཁͰ͋Δɽ ਤ
    <>

49. ϒϧʔτϑΥʔεΞλοΫ  ೝূࢼߦͷ੍ݶʹ͸ࢼߦճ਺ͷ੍ݶ΍ࢼߦִؒͷ੍ݶ͕ߟ͑ΒΕΔɽ৔߹ʹ Αͬͯ͸͜ΕΒΛ૊Έ߹Θ੍ͨ͠ݶΛߦ͏৔߹΋͋ΔɽࢲͷϗʔϜϖʔδͰ͸ Ұఆͷࢼߦճ਺Λ௒͑ΔͱҰఆͷ࣌ؒɼࢼߦΛڋ൱͢ΔΑ͏ʹ͍ͯ͠Δɽ·ͨɼ ͞ΒʹͦΕͰ΋ࢼߦʹࣦഊ͠ଓ͚Δͱ؅ཧऀ͕༗ޮʹ͠ͳ͍ݶΓ͸ೝূΛڋ൱ ͢Δɽ ͨͩϩάΠϯࢼߦͷ੍ݶͷ࣮ࢪ͸೉͍͠ͱ͜Ζ͕͋Δɽ͋·ΓʹϩάΠϯࢼ ߦΛ੍ݶ͢ΔͱύεϫʔυΛ๨ΕͨࡍͳͲʹճ෮͢Δඞཁ͕ੜ͡Δ͜ͱ͕ଟ͘ ͳΓɼਖ਼نϢʔβͷརศੑ௿Լʹܨ͕Δɽ͜Ε͸ೝূࢠͷճ෮खஈʹ΋ΑΓɼ

    ͲͷΑ͏ͳݫ͠͞ͰϩάΠϯࢼߦʹ੍ݶΛઃ͚Δ͔͸Αۛ͘ຯͯ͠γεςϜΛ ઃܭ͢Δඞཁ͕͋Δͱߟ͑ΒΕΔɽ

50. 03.ͷར༻  $comment = new Comment(); $comment->content = "Test"; $comment->save();

    03.ͷར༻ %#ͷςʔϒϧͱϓϩάϥϜͷ ΦϒδΣΫτΛରԠ෇͚Δ JE UZQF DPOUFOU VOSFBE  OPSNBM 5&45 'BMTF %#ͷςʔϒϧ class Comment { public $id; public $type; public $content; public $unread; } ϓϩάϥϜͷΦϒδΣΫτ TBWF */4&35
    PS 61%"5& σʔλ ΦϒδΣΫτ %# ਤ

51. %#.4Ͱͷݖݶઃఆ   mysql> SHOW GRANTS FOR ...; +------------------------------------------------------------------+ |

    Grants for FarPoint@localhost | +------------------------------------------------------------------+ | GRANT ALL PRIVILEGES ON `FarPointDB`.* TO 'FarPoint'@'localhost' | +------------------------------------------------------------------+ +--------------------------------------------------------------+ | Grants for redmine@localhost | +--------------------------------------------------------------+ | GRANT ALL PRIVILEGES ON `redmine`.* TO 'redmine'@'localhost' | +--------------------------------------------------------------+ +---------------------------------------------------------------------+ | Grants for root@localhost | +---------------------------------------------------------------------+ | GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION | +---------------------------------------------------------------------+ %#͝ͱʹϢʔβΛ༻ҙͯ͠ݖݶΛ෇༩ ଞͷαΠτͷ੬ऑੑͷӨڹΛड͚ͳ͍Α͏ʹ͍ͯ͠Δ ਤ

52. %#.4Ͱͷݖݶઃఆ   αΠτ" ϓϩάϥϜ αΠτ# ϓϩάϥϜ αΠτ# %# αΠτ"

    %# Ϣʔβ ςʔϒϧ هࣄ ςʔϒϧ ϩάΠϯ༻ هࣄදࣔ༻ શͯ0, ࢀরͷΈ શͯ0, ਤ

53. %#.4Ͱͷݖݶઃఆ   αΠτ" ϓϩάϥϜ αΠτ" %# Ϣʔβ ςʔϒϧ هࣄ

    ςʔϒϧ ϩάΠϯ༻ هࣄදࣔ༻ ෆਖ਼ ΫΤϦ Ϣʔβ࡟আ ࢀরͷΈ ΫΤϦڋ൱ ͖ͪΜͱݖݶઃఆ͓͚ͯ͠͹ඃ֐Λ཈͑ΒΕΔՄೳੑ͋Γ ਤ

54. %#.4Ͱͷݖݶઃఆ   ਤ mysql> GRANT [ ] ON [
    

    ] TO [
     ]; ࢦఆจࣈ ݖݶ಺༰ BMM
    QSJWJMBHFT ݖݶฤूҎ֎શͯ BMUFS ςʔϒϧߏ଄มߋ DSFBUF ςʔϒϧ࡞੒ ESPQ ςʔϒϧ࡟আ TFMFDU ߦࢀর JOTFSU ߦૠೖ VQEBUF ߦฤू EFMFUF ߦ࡟আ

55. 42-ΠϯδΣΫγϣϯ  42-ΠϯδΣΫγϣϯ͸֎෦͔Βೖྗ͞Εͨ஋͔Β42-จΛੜ੒࣮ͯ͠ߦ ͢Δࡍʹɼ42-จͱͯ͠ղऍͰ͖Δ஋Λೖྗͱͯ͠༩͑Δ͜ͱʹΑͬͯΞϓϦ έʔγϣϯ։ൃऀ͕ҙਤ͠ͳ͍42-จ͕࣮ߦ͞Εͱ͍͏੬ऑੑͰ͋Δɽੜ੒͢ Δ42-จʹ΋ΑΔ͕ɼ%#ͷσʔλվ᜵΍࡟আ͕ߦΘΕͨΓɼ৘ใ࿙Ӯ͕ൃੜ ͢Δɽ<>
    ਤͷྫͰ͸8)&3&અͷޙʹඞͣਅͰ͋Δͱ൑ఆ͞ΕΔจࣈྻΛ ؚ·ͤΔ͜ͱʹΑͬͯҙਤ͠ͳ͍σʔλ͕औಘ͞ΕΔɽ ஋͕42-จͱͯ͠ղऍͰ͖ͯ͠·͏จࣈΛؚΜͰ͍Δͱ͖ʹɼ42-จͱ͠ ͯղऍͯ͠͠·͍ͬͯΔࣄ͕ݪҼͰ͋Δɽ<>

    ରࡦͱͯ͠͸·ͣ஋Λ42-จͱͯ͠ղऍͤ͞ͳ͍ํ๏͕ߟ͑ΒΕΔɽ͜Ε͸ ϓϩάϥϜ্Ͱ42-จͷ಺ɼ஋Λࢦఆ͢ΔՕॴʢϓϨʔεϗϧμʣΛࢦఆͯ͠ ͓͍ͨจʢϓϦϖΞʔυεςʔτϝϯτʣΛ༻ҙ͠ɼͦ͜ʹ஋Λૠೖ͢Δʢό Πϯυʣ͜ͱʹΑͬͯ࠷ऴతʹಘ͍ͨ42-จΛੜ੒͢Δ͜ͱʹΑͬͯՄೳͰ͋ Δɽ ਤ
    όΠϯυ͢Δࡍʹ͸஋ͱͯ͠ѻΘΕ42-จͱͯ͠ղऍ͞Εͳ͍Α ͏ʹૠೖ͞ΕΔɽόΠϯυػߏ͕࢖͑ͳ͍৔߹ʹ͸όϦσʔγϣϯ౳ʹΑͬͯ ೖྗ͞ΕΔ஋Λ੍ݶ͢Δඞཁ͕͋Δɽ<>

56. 42-ΠϯδΣΫγϣϯ  8&#ϑϨʔϜϫʔΫͷػೳͷҰͭͰ͋Δ03.Λར༻͢Ε͹ৗʹ42-จʹؔ ͯ͠ҙࣝ͢Δඞཁ͕ͳ͘ͳΔɽ03.͸σʔλϕʔεͷςʔϒϧͱϓϩάϥϜ ͷΦϒδΣΫτΛରԠ͚ͮΔػೳͰ͋ΓɼΦϒδΣΫτ͕ςʔϒϧͷߦจΛ ද͍ͯ͠ΔɽΦϒδΣΫτ΁ͷૢ࡞͸03.Λॲཧ͢ΔϑϨʔϜϫʔΫ΍ϥΠ ϒϥϦͷػೳʹΑͬͯ42-ΠϯδΣΫγϣϯ͕ى͜Βͳ͍Α͏ʹ42-จʹม ׵͞Εɼ%#Ͱ࣮ߦ͞ΕΔɽ ਤ
    03.͕ར༻Ͱ͖Δ৔߹͸ར༻͢΂͖Ͱ͋

    Δɽ ׬શʹ๷͙ํ๏Ͱ͸ͳ͍͕ɼ%#ͷ࣮ߦͰ͖Δૢ࡞Λ੍ݶ͢Δࣄ΋༗ޮͰ͋ ΔɽΞϓϦέʔγϣϯͰߦ͏ૢ࡞ͷΈ͕Ͱ͖ΔΑ͏ʹ%#ͷૢ࡞Λ੍ݶ͢Δɽ %#.4ʹ͸Ϣʔβ͝ͱʹΞΫηεՄೳͳ%#ɼ͓Αͼͦ͜Ͱߦ͑Δૢ࡞Λࡉ͔ ੍͘ݶ͢Δࣄ͕ՄೳͰ͋Δɽࢲͷ%#Ͱ͸ਤʹࣔ͢Α͏ʹΞϓϦέʔγϣϯ ͝ͱʹ͔͠ΞΧ΢ϯτΛ෼͚͍ͯͳ͍͕ɼਤʹࣔ͢Α͏ʹಉ͡ΞϓϦέʔ γϣϯͰ΋ߦ͏ૢ࡞͝ͱʹΞΧ΢ϯτΛ෼͚ɼ࠷௿ݶͷݖݶͷΈΛ༩͓͚͑ͯ ͹ɼਤʹࣔ͢Α͏ʹສ͕Ұෆਖ਼ͳΫΤϦ͕࣮ߦ͞Εͨͱͯ͠΋ɼݖݶΛ༩ ͍͑ͯͳ͍ૢ࡞ʹ͍ͭͯ͸%#.4͕ڋ൱Ͱ͖ɼඃ֐Λ཈͑ΒΕΔՄೳੑ͕͋ Δɽ·ͨɼ1)1ͷ1%0Ͱ͸࠷ۙෳจʢαϒΫΤϦʣΛېࢭ͢ΔΦϓγϣϯ͕ ௥Ճ͞Εͨɽ<>

57. 944  944͸ϖʔδΞΫηε࣌ʹϖʔδ಺༰͕ੜ੒͞ΕΔʮಈత΢ΣϒαΠτʯ ʹ͓͍ͯදࣔ಺༰͕ੜ੒͞ΕΔࡍʹɼѱҙͷ͋ΔϢʔβ͕ϖʔδͷ੬ऑੑΛಥ ͍ͯ೚ҙͷεΫϦϓτΛฆΕࠐ·࣮ͤߦͤ͞Δͱ͍͏߈ܸͰ͋Δɽ<> ਤ ೚ҙͷεΫϦϓτͰ͋ΔͨΊɼෆਖ਼ͳදࣔɼΫοΩʔɾηογϣϯ৘ใͷऔಘ ͳͲ༷ʑͳ߈ܸʹൃల͢ΔՄೳੑ͕͋Δɽ ͜Ε͸ϖʔδΛੜ੒͢Δࡍʹຊདྷ͸)5.-ͱͯ͠ѻ͏΂͖Ͱͳ͍จࣈྻΛͦ ͷ··ϒϥ΢βʹग़ྗ͢Δ͜ͱʹΑͬͯϒϥ΢β͕)5.-ͱͯ͠ղऍͯ͠͠·

    ͏ҝʹൃੜ͢Δ໰୊Ͱ͋Δɽ ྫ͑͹ίϝϯτೖྗ͕Մೳͳϖʔδʹ͓͍ͯ)5.-ͷΠϯϥΠϯεΫϦϓτ ͱͯ͠ղऍ͞ΕΔจࣈྻΛॻ͖ࠐΜͩࡍʹɼίϝϯτೖྗͷ࣌఺Ͱ΋ͦͷ·· ه࿥͠ɼϖʔδʹදࣔ͢Δࡍʹ΋ͦͷ··දࣔ͢Δͱͦͷίϝϯτ͕)5.-ͱ ͯ͠ղऍ͞ΕɼεΫϦϓτ͕࣮ߦ͞ΕΔɽ ͢ͳΘͪϢʔβ͔ΒͷೖྗΛड͚෇͚Δࡍʹ͸ͦΕΛ)5.-ͱͯ͠ղऍ͢Δ ΂͖ͳͷ͔ɼͨͩͷจࣈྻͱͯ͠ѻ͏΂͖ͳͷ͔Λҙࣝ͠ɼจࣈྻͷ৔߹ʹ͸ ඞͣ)5.-ͱͯ͠ղऍ͞Εͳ͍Α͏ʹ஫ҙ͢Δඞཁ͕͋Δɽ ਤ )5.-λάͷར༻ΛڐՄ͢Δ৔߹ʹ͸ਖ਼نදݱ౳ʹΑΓڐՄ͢Δ)5.-λ άҎ֎ʹ͍ͭͯΤεέʔϓॲཧΛࢪ͔͢ɼෆඞཁλάΛ࡟আ͢Δඞཁ͕͋Δɽ ਤ Τεέʔϓॲཧ΍ෆඞཁλάͷ࡟আ͸ਤʹࣔ͢Α͏ʹQIQͷඪ४ϥΠϒ ϥϦͰՄೳͰ͋Γɼ-BSBWFMʹ͓͍ͯ͸)5.-ςϯϓϨʔτதͰQIQͷग़ྗΛ ߦ͏σϑΥϧτͰΤεέʔϓॲཧ͕ͳ͞ΕΔɽ

58. $43'  $43'͸εΫϦϓτΛ࣮ߦͨ͠ࡍʹɼϢʔβ͕ҙਤ͠ͳ͍ෆਖ਼ͳϦΫΤετ ͕߈ܸର৅αʔόʹૹΒΕϢʔβ͕ҙਤ͠ͳ͍ॲཧ͕࣮ߦ͞Εͯ͠·͏ͱݴ͏ ߈ܸͰ͋Δɽ<> ਤ ܝࣔ൘΁ͷ͍ͨͣΒॻ͖ࠐΈɼΞϯέʔτ΁ͷڏِճ ౴ɼେྔͷϦΫΤετΛૹ৴͢Δ%P4߈ܸͷ౿Έ୆ʹར༻͞ΕΔՄೳੑ͕͋Δɽ ͜ΕΒͷෆਖ਼ͳϦΫΤετ͸߈ܸର৅αʔό͔Β͸͋͘·Ͱ΋ඃ߈ܸϢʔβ͔ ΒͷϦΫΤετͰ͋Δͱೝࣝ͞ΕΔͨΊɼඃ߈ܸϢʔβ͕߈ܸऀͰ͋Δͱͷ

    ޡͬͨೝࣝΛ࣋ͨΕΔՄೳੑ͕͋Δɽ<> ͜Ε͸αʔό͕ຊདྷڋ൱͢΂͖Ͱ͋Δࣗ਎͕഑৴ͨ͠ϖʔδҎ֎ͷϖʔδʹ ຒΊࠐ·Ε͍ͯΔεΫϦϓτ͔ΒͷϦΫΤετΛडྖ͍ͯ͠ΔͨΊʹ੒ཱ͢Δ ߈ܸͰ͋Δɽैͬͯɼड͚෇͚ΔϦΫΤετ͕ຊ౰ʹࣗ਎͕഑৴ͨ͠ϖʔδ͔ ΒͷϦΫΤετͰ͋Δ͔ΛݕূͰ͖Ε͹ྑ͍ɽ ্هΛ࣮ݱ͢ΔͨΊͷํ๏ͱͯ͠ɼϢʔβ͔ΒͷೖྗΛड͚෇͚ΔϑΥʔϜ ʹਪଌ͕೉͍͠τʔΫϯྻΛຒΊࠐΈɼϦΫΤετΛड͚෇͚ͨࡍʹ͸ͦͷ τʔΫϯΛݕূ͢ΔࣄʹΑͬͯडྖͷՄ൱Λ൑ఆ͢Ε͹ྑ͍ɽ<> ਤ τʔΫϯͷੜ੒͸QIQͷඪ४ϥΠϒϥϦͰՄೳͰ͋Δɽੜ੒ͨ͠τʔΫϯ͸ ηογϣϯຖʹ۠ผ͞ΕΔαʔόଆͷ഑ྻʢ@4&44*0/ʣʹอଘ͓͖ͯ͠ɼ ޙͷݕূͰར༻͢Δɽ<> ਤ ·ͨɼ-BSBWFMʹ͸$43'τʔΫϯͷੜ੒ɾݕূΛߦ͏ػೳ͕σϑΥϧτͰ ༗ޮʹͳ͓ͬͯΓɼϑΥʔϜͷதʹ؆ศͳهड़Λߦ͏ͷΈͰ$43'τʔΫϯͷ ੜ੒͓ΑͼݕূΛߦ͑Δɽ ਤ

59. ଟྔϦΫΤετ r ରࡦ  όϦσʔγϣϯ  ߲໨ ஋ จࣈ਺ จࣈҎ্จࣈҎԼ

    จࣈछ ه߸ɾӳ਺ࣈ֤Ұจࣈඞਢ %#Ͱͷॏෳ ڐՄ͠ͳ͍ ېࢭจࣈ 
    b
    l डྖ Ϣʔβ͔Βͷೖྗ ڋ൱ डྖ൑ఆϓϩάϥϜ όϦσʔλʔ όϦσʔγϣϯ όϦσʔγϣϯϧʔϧ ਤ

60. ଟྔϦΫΤετ r ରࡦ  όϦσʔγϣϯ  ਤ

61. ଟྔϦΫΤετ r ରࡦ  όϦσʔγϣϯ  $rules = [ 'comment.name'

    => 'max:30‘, 'comment.title' => 'max:50‘, 'comment.content' => 'required|min:1|max:1000' ]; $validator = Validator::make($request->all(), $rules); if ($validator->fails()) { return Redirect::back() ->withInput() ->withErrors($validator, 'comment‘); } όϦσʔγϣϯϧʔϧ όϦσʔλʔ ڋ൱࣌ͷॲཧ ਤ

62. όϦσʔγϣϯ  ਤʹʹࣔ͢Α͏ͳػցతͳଟྔϦΫΤετ΁ͷରࡦͱͯ͠όϦσʔγϣ ϯ͕ڍ͛ΒΕΔɽ όϦσʔγϣϯͱ͸Ϣʔβͷೖྗ͕༧ΊܾΊΒΕͨϧʔϧʹԊ͍ͬͯΔ෺͔ Ͳ͏͔Λ൑ఆ͠ɼडྖͷՄ൱ΛܾΊΔ͜ͱͰ͋Δɽ<> ਤ
    ࢲͷϗʔϜϖʔ δͰ͸ਤʹࣔ͢Α͏ʹίϝϯτ͢Δࡍʹॻ͘ೖྗ߲໨ʹର͠จࣈ਺੍ݶΛ ઃ͚ΔόϦσʔγϣϯΛߦ͍ͬͯΔɽ

    όϦσʔγϣϯ͸ೖྗ͞Εͨ஋͕ຊ౰ʹಛఆͷҙຯΛ΋ͭ஋Ͱ͋Δ͔Λ֬ೝ ͢Δͱߦͬͨݕূʹ΋ར༻͞ΕɼଟྔϦΫΤετ΁ͷରࡦ͚ͩͰແ͘ɼϢʔβ ͷೖྗϛε΁ͷରࡦͱͯ͠΋ར༻͞ΕΔɽ·ͨɼೝূࢠͷ௕͞ΛҰఆҎ্ʹ͢ ΔͱߦͬͨηΩϡϦςΟϙϦγʔͷӡ༻ʹ΋ར༻Ͱ͖Δɽ όϦσʔγϣϯ͸จࣈ਺ͷऔಘ΍ਖ਼نදݱͳͲจࣈʹؔ͢ΔॲཧΛۦ࢖ͯ͠ ߦ͏͜ͱ͕Ͱ͖ΔɽQIQʹ͸ඪ४ϥΠϒϥϦʹจࣈʹؔ͢Δ๛෋ͳॲཧ͕͋Δ ͨΊɼൺֱత༰қʹߦ͏͜ͱ͕Ͱ͖Δɽ·ͨɼ-BSBWFMʹ͓͍ͯ͸όϦσʔ λʔͷػೳ͕͙͢ʹݺͼग़ͤΔΑ͏ʹͳ͓ͬͯΓɼϧʔϧͷࢦఆ΋จࣈͰߦ͏ ͜ͱ͕Ͱ͖ΔͨΊɼਤʹࣔ͢Α͏ʹඇৗʹ؆୯ʹόϦσʔγϣϯΛߦ͏͜ ͱ͕Ͱ͖Δɽ

63. (PPHMF
    SF$"15$)"  (PPHMF
    SF$"15$)"
    W Ώ͕ΜͩจࣈΛೖྗͤ͞Δ͚ͩ ݱࡏ͸ఏڙऴྃ (PPHMF
    SF$"15$)"
    W ը૾ͷ಺༰΍ը૾ʹؚ·Ε͍ͯΔಛఆͷ ෺ͷҐஔΛ౴͑ͤ͞ɼϢʔβͷૢ࡞ཤྺͳ Ͳ΋ߟྀͯ͠൑ఆɽ ৔߹ʹΑͬͯ͸νΣοΫΛ෇͚Δ͚ͩ

    ਤ

64. (PPHMF
    SF$"15$)"
    W  # 0 5 ൑ ผ ಺༰ ίϝϯτΛ࢒͢ ૹ৴

    ΞΫηε ཤྺ ୺຤ૢ࡞ ཤྺ ൑ผςετ είΞ  ͦͷ·· ಠࣗॲཧ ո͍͠ ίϝϯτ ͱͯ͠ ϚʔΫ ਤ

65. $"15$)"  ਤʹʹࣔ͢Α͏ͳػցతͳଟྔϦΫΤετ΁ͷରࡦͱͯ͠$"15$)"͕ ڍ͛ΒΕΔɽ $"15$)"
    ͱ͸ l$PNQMFUFMZ
    "VUPNBUFE
    1VCMJD
    5VSJOH
    UFTU
    UP
    UFMM
    $PNQVUFST
    BOE
    )VNBOT
    "QBSUz
    ͷུͰ͋ΓɼʮਓؒͱϚγϯΛ൑ผ͢Δ νϡʔϦϯάςετʯͷ͜ͱͰ͋Δɽ$"15$)"ͷಋೖʹΑΓαΠτ΁ͷΞ Ϋηε΍ϦΫΤετ͕ϓϩάϥϜʹΑΓߦΘΕ͍ͯΔ΋ͷͰ͋Δͷ͔ɼϢʔβ ʹΑΔૢ࡞Ͱ͋Δͷ͔Λ൑ผ͠ɼ߈ܸϓϩάϥϜʹΑΔେྔͷΞΫηεɼϦΫ

    ΤετΛආ͚Δ͜ͱ͕Ͱ͖Δɽ<> ਤ (PPHMF
    SF$"15$)"͸(PPHMF ʹΑΓఏڙ͞Ε͍ͯΔ$"15$)"Ͱ͋ΔɽແྉͰ؆୯ʹར༻Ͱ͖ɼ(PPHMF͕ ܧଓతʹΞϧΰϦζϜ΍ςετ಺༰ͷվྑΛߦ͍ͬͯΔɽ ۩ମతʹ͸࿪Ίͨจࣈ΋දࣔ͠ɼͦͷ಺༰Λೖྗͤ͞ΔࣄʹΑΓਓؒͰ͋Δ ͔Λ൑ผ͢Δख๏͕࠾ΒΕ͖ͯͨɽ͜Ε͸(PPHMF
    SF$"15$)"
    WͰ΋ಉ༷ Ͱ͋Δɽ ਤ্

66. $"15$)"  ͔͠͠ɼ͜ͷख๏͸ػցֶशΛ͸͡Ίͱ͢Δ"*ٕज़ʹΑΓಥഁ͞ΕΔՄೳੑ ͕ߴ·ͬͨɽถࠃͷ"*اۀ7JDBSJPVTͷݚڀऀ͕ߦͬͨݚڀʹΑΕ͹̍จࣈ͋ ͨΓͭͷ܇࿅༻αϯϓϧΛ༻ҙ͢Δ͚ͩͰจࣈϕʔεͰɼ୯ޠϕʔε Ͱͷਫ਼౓Ͱ൑ผͤ͞Δ͜ͱ͕Ͱ͖ͨͱ͍͏ɽ<> ͦ͜Ͱɼ(PPHMF
    SF$"15$)"
    WͰ͸จࣈͰ͸ͳ͘ɼը૾ͷ಺༰΍ಛఆͷ ΋ͷͷҐஔΛϢʔβʹ౴͑ͤ͞Δςετʹมߋͨ͠ଞɼ୺຤ͷૢ࡞΍ΞΫηε ཤྺͳͲͷ৘ใΛجʹͨ͠൑ผ΋૊Έ߹Θͤͯೝূ͍ͯ͠Δɽ৔߹ʹΑͬͯ͸ ͨͩνΣοΫϚʔΫΛΫϦοΫ͢Δ͚ͩͰྑ͘ͳΔͳͲɼϢʔβͷརศੑ΋޲

    ্ͤͨ͞ɽ ਤԼɾਤ ݱࡏࢲͷαΠτͰ͸͜ΕΛಋೖ͍ͯ͠Δɽ ͞Βʹɼ࠷ۙఏڙ͕։࢝͞Εͨ(PPHMF
    SF$"15$)"
    WͰ͸ਓؒͰ͋ΔՄ ೳੑ͕ߴ͍ͱνΣοΫϚʔΫ΋දࣔ͞Εͳ͍৔߹΋͋Γɼ͞ΒʹϢʔβͷརศ ੑΛ޲্͍ͤͯ͞Δଞɼ։ൃऀ͕SF$"15$)"ʹΑΓ൑ఆ͞ΕͨʮਓؒͰ͋ ΔՄೳੑʯΛऔಘ͠ɼೝূํ๏ͷมߋͳͲΛߦ͑ΔΑ͏ʹ͍ͯ͠Δɽ <><> ਤ (PPHMF
    SF$"15$)"͸αΠτ಺ͷϑΥʔϜͷ޷͖ͳҐஔʹ഑ஔͰ͖Δɽ ਤ ·ͨɼ+BWBTDSJQUϓϩάϥϜ΍"1*͕༻ҙ͞Ε͍ͯΔͨΊɼ)5.- ϑΝΠϧʹ͸ਤ্ʹࣔ͢Α͏ʹΘ͔ͣߦͷ௥ՃͷΈͰྑ͘ɼೝূͷ൑ఆ΋ ਤԼʹࣔ͢Α͏ʹ8FC"1*Λୟ͚ͩ͘Ͱྑ͍ͨΊඇৗʹ؆୯ʹར༻Ͱ͖Δɽ

67. αʔόΫϥΠΞϯτͷ ূ໌ 

68. 44-
      ೝূہ ϒϥ΢β 8&#αʔό 44-ূ໌ॻ 44-ূ໌ॻ ൃߦ ૹ৴

    ໰͍߹Θͤ ҉߸Խ௨৴ ü 8&#αʔόͷ৘ใ ü ެ։伴 ü ೝূہͷ৘ใ ͜ͷυϝΠϯͷਖ਼نͷ௨৴ઌ Ͱ͋ΔࣄΛূ໌ ͬͪ͜Λೝূ ਤ

69. 44-
      =
    
    ೥ = 
    
    ೥ = 
    
    ೥ ແྉ ਤ

70. 44-
    
     -FU`T
    &ODSZQU  git clone https://github.com/letsencrypt/letsencrypt cd letsencrypt

    ./letsencrypt-auto certonly --webroot -w [
    WEB
    ] -d [ ] server { listen 443; server_name [ ]; ssl on; ssl_certificate /etc/letsencrypt/live/[ ]/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/[ ]/privkey.pem; root [
    WEB
    ]; } ਤ

71. 44-  44-ͱ͸8&#αʔόͱϒϥ΢βؒͰͷσʔλ௨৴Λ҉߸Խͯ͠ૹड৴͢Δ ࢓૊ΈͰ͋Γɼվ᜵ݕ஌΍αʔόͷ਎ݩอূͳͲ΋ߦ͏͜ͱ͕Ͱ͖Δɽ৴པʹ ͓͚Δೝূہʹূ໌ॻΛൃߦͯ͠΋Β͍ɼೝূΛߦ͏ɽ<> ਤ Πϯλʔωοτ௨৴ʹ͓͚Δೝূہʹ͸7FSJTJHO΍(FPUSVTUͳͲ͕͋Γ <>ɼ༗ྉͰൃߦ͢Δܗଶ͕ओମͩͬͨɽ͜ΕΒ͸ۚમతʹ΋࣌ؒతʹ΋ίε τ͕͔͔Δ෺Ͱ͋ͬͨɽ͔͠͠44-ͷར༻͕ҰൠతͱͳΓɼ$ISPNFͰ͸ 44-Λ༻͍ͳ͍઀ଓʹର͠ܯࠂΛදࣔ͢ΔͳͲ44-Λར༻͠ͳ͍௨৴͸҆શੑ

    ΍Ϣʔβ৺ཧͷ໘͔Βߦ͏΂͖Ͱ͸ͳ͘44-ͷར༻͸ඞਢͱݴ͑Δɽ<> ͦ͜Ͱ୭Ͱ΋ແྉͰ࢖͑Δ44-ͷূ໌ॻΛൃߦͯ͠΋Β͑Δ-FU`T
    &ODSZQU ͱ͍͏ೝূہαʔϏε͕ొ৔͠ɼ44-ར༻ͷෑډ͸௿͘ͳ͍ͬͯΔɽ ਤ  -FU`T
    &ODSZQU͸.P[JMMB΍$JTDP
    4ZTUFNTɺϛγΨϯେֶɺ"LBNBJ
    5FDIOPMPHJFTͳͲ͕ڠಉͰઃཱͨ͠ݚڀάϧʔϓʮ*OUFSOFU
    4FDVSJUZ
    3FTFBSDI
    (SPVQ
    *43( ʯʹΑΓӡӦ͞Ε͍ͯΔɽ<> -FU`T
    &ODSZQU͸44-ূ໌ॻͷऔಘɾߋ৽Λ؆୯ʹߦ͑Δπʔϧ΍ "QBDIɾOHJOYͱ͍ͬͨΑ͘ར༻͞ΕΔ8FCαʔόϓϩάϥϜ޲͚ͷϓϥά ΠϯΛఏڙ͓ͯ͠Γɼརศੑ͕ߴ͍ɽ8FCαʔόΛӡ༻ɾެ։͢Δࡍʹ͸· ͣ-FU`T
    &ODSZQUΛར༻ͯ͠44-Λ༻͍ͨ௨৴Λߦ͑ΔΑ͏ʹ͢Δ΂͖Ͱ͋Δɽ -FU`T
    &ODSZQUʹΑΓఏڙ͞Ε͍ͯΔπʔϧΛར༻͢Ε͹ਤʹࣔ͢Α ͏ʹίϚϯυҰͭͰ44-ূ໌ॻΛऔಘग़དྷΔɽ͜ΕΛ/HJOYʹਤԼʹࣔ͢ Α͏ʹࢦఆ͢Δ͚ͩͰ44-ূ໌ॻΛ༻͍ͨ҉߸Խ௨৴ͱͳΔɽ

72. ΫϥΠΞϯτূ໌ॻ   ೝূہ ϒϥ΢β 8&#αʔό ΫϥΠΞϯτ ূ໌ॻ ΫϥΠΞϯτ ূ໌ॻ

    ໰͍߹Θͤ ૹ৴ ൃߦ ҉߸Խ௨৴ ü ΫϥΠΞϯτͷ৘ใ ü ެ։伴 ü ೝূہͷ৘ใ ಛఆͷϢʔβͷΞΫηε Ͱ͋ΔࣄΛূ໌ ͬͪ͜Λೝূ ਤ

73. ΫϥΠΞϯτূ໌ॻ   $ sudo SSLEAY_CONFIG=“-config [
    ]" CATOP="./CA” /usr/lib/ssl/misc/CA.pl –newca

    $ DAYS=“-days []” SSLEAY_CONFIG=“-config [
    ]" CATOP=./CA /usr/lib/ssl/misc/CA.pl –newreq DBDFSUQFN DBDFSUQFN OFXLFZQFN
    ΫϥΠΞϯτൿີ伴 OFXSFRQFN
    ΫϥΠΞϯτެ։伴 ਤ

74. ΫϥΠΞϯτূ໌ॻ   $ SSLEAY_CONFIG=“-config [
    ]" CATOP=./CA /usr/lib/ssl/misc/CA.sh –sign $

    openssl pkcs12 -export -in newcert.pem -inkey newkey.pem -out ritsuki.kokubo.www.farpoint.pfx $ sudo SSLEAY_CONFIG=“-config [
    ]" CATOP="./CA” /usr/lib/ssl/misc/CA.pl –sign DBDFSUQFN OFXLFZQFN
    ΫϥΠΞϯτൿີ伴 OFXSFRQFN
    ΫϥΠΞϯτެ։伴 OFXDFSUQFN
    ॺ໊ࡁΈΫϥΠΞϯτެ։伴 ॺ໊ DBDFSUQFN OFXLFZQFN
    ΫϥΠΞϯτൿີ伴 OFXDFSUQFN
    ॺ໊ࡁΈΫϥΠΞϯτެ։伴 SJUTVLJLPLVCPXXXGBSQPJOUQGY ύοέʔδԽ ਤ

75. ΫϥΠΞϯτূ໌ॻ   server { ... ssl_verify_client on; # 

     ssl_client_certificate /etc/ssl/CA/cacert.pem; # 
    CA ... } server { ... ssl_verify_client optional; #   ssl_client_certificate /etc/ssl/CA/cacert.pem; # 
    CA location /admin { if ($ssl_client_verify != SUCCESS) { return 403; } ... } ... } ਤ

76. ΫϥΠΞϯτূ໌ॻ   ਤ

77. ΫϥΠΞϯτূ໌ॻ   ਤ

78. ΫϥΠΞϯτূ໌ॻ  44-Ͱ͸8&#αʔόͷೝূΛߦ͏ͷʹରͯ͠ɼΫϥΠΞϯτূ໌ॻͰ͸ϒ ϥ΢βଆʹର͠ಛఆͷϢʔβ͕ར༻͍ͯ͠Δϒϥ΢βͰ͋ΔࣄΛূ໌͠ɼೝূ ͢Δɽ ਤ
    ͜ΕʹΑΓ༧ΊڐՄͨ͠Ϣʔβ͔ΒͷΞΫηεͰ͋ΔࣄΛ֬ೝ Ͱ͖Δɽاۀͷࣾ಺γεςϜͳͲ֎෦͔ΒͷΞΫηεΛڐՄͨ͘͠ͳ͍γες ϜͰར༻͞ΕΔɽ<> ͜Ε͸-JOVY޲͚ͷύοέʔδʮPQFOTTMʯΛ༻͍Ε͹ൺֱత؆୯ʹߦ͑Δɽ

    ਤʙਤʹࣔ͢Α͏ͳͭͷίϚϯυʹΑΓɼ$"ʢೝূہʣূ໌ॻͷ࡞੒ɼ ΫϥΠΞϯτূ໌ॻͷ࡞੒͓Αͼॺ໊ɾύοέʔδԽ͕ߦ͑Δɽ ΫϥΠΞϯτূ໌ॻʹΑΔೝূ͸/HJOYͰ͋Ε͹ਤʹࣔ͢Α͏ͳهड़Λ ߦ͏͚ͩͰՄೳͰ͋Δɽਤ্Ͱ͸αΠτશମͰΫϥΠΞϯτূ໌ॻΛཁٻ ͍ͯ͠Δ͕ɼਤԼʹࣔ͢Α͏ͳهड़Λߦ͑͹ಛఆͷ63*͚ͩΫϥΠΞϯτ ূ໌ॻΛཁٻ͢Δ͜ͱ΋ՄೳͰ͋ΔɽࢲͷϗʔϜϖʔδͰ͸͜ΕΛར༻͠ɼ؅ ཧऀ༻ϖʔδͷ63*ͷΈΫϥΠΞϯτূ໌ॻΛཁٻ͢ΔΑ͏ʹͨ͠ɽ ൃߦͨ͠ΫϥΠΞϯτূ໌ॻ͸ਤʹࣔ͢Α͏ʹϒϥ΢βʹΠϯϙʔτ ͯ͠ར༻Ͱ͖Δɽ

79. ·ͱΊ 

80. ·ͱΊ  ຊϨϙʔτͰ͸8FCΞϓϦέʔγϣϯͰΑ͋͘Δ߈ܸͱͦͷରࡦΛࣔͯ͠ ͖ͨɽϑϨʔϜϫʔΫͷػೳΛ޼ົʹར༻ͨ͠߈ܸख๏ͳͲ΋ଘࡏ͢Δ͕ɼࠓ ճࣔͨ͠Α͏ͳΑ͋͘Δ߈ܸͰ΋ରࡦΛߨ͡ͳ͚Ε͹ेೋ෼ʹਂࠁͳඃ֐ʹͳ ΓಘΔɽΑ͋͘Δ੬ऑੑͰ͸͋Δ͕ɼҊ֎ݟམͱ͕ͪ͠ͰରԠͰ͖͍ͯͳ͍ɽ ੬ऑੑରԠσʔλϕʔεͰ֬ೝͰ͖Δ੬ऑੑใࠂΛݟΔͱɼ೥ใࠂ෼ͩ ͚Ͱ΋42-ΠϯδΣΫγϣϯ͕݅ɼ944͕݅ɼ$43'͕݅ͱগ ͳ͘ͳ͍ɽ<> ਤ

    
    ·ͨɼ೥ʹൃੜͨ͠ιχʔͷେن໛৘ใྲྀग़΋ 42-ΠϯδΣΫγϣϯ͕ݪҼͰ͋ͬͨͱ͞Ε͍ͯΔɽ<> ਤ
    ຊϨϙʔτ ʹࣔͨ͠Α͏ʹΑ͋͘Δ߈ܸʹ͍ͭͯ͸ϥΠϒϥϦ΍ϑϨʔϜϫʔΫͷػೳΛ ༻͍Δ͜ͱʹΑͬͯແྉͰ؆୯ʹରࡦ͕ߦ͑ΔͷͰɼΑ͘஫ҙͯ͠ରࡦΛߨ͡ Δ΂͖Ͱ͋Δɽ

81. ࢀߟจݙ 

82. ࢀߟจݙ   <>
    l8FCϑϨʔϜϫʔΫͱ͸Կ͔zɼ1045%ɼ IUUQTQPTUEDDXIBUJTBXFCGSBNFXPSLɼӾཡɽ <> lϒϧʔτϑΥʔεΞλοΫzɼ!*5ɼ IUUQXXXBUNBSLJUDPKQBJUBSUJDMFTOFXTIUNMɼӾཡɽ <> lϒϧʔτϑΥʔεΞλοΫͷରࡦzɼ$ZCFS4FDVSJUZ5*.&4ɼ

    IUUQTXXXTIBEBOLVODPNCMPHNFBTVSFɼӾཡɽ <> lύεϫʔυΛकΖ͏ʂαΠτʹର͢Δʮ૯౰ͨΓ߈ܸʯͷݱঢ়ͱରࡦ·ͱΊzɼ-*(ɼ IUUQTMJHJODDPKQXFCVTFGVMɼӾཡɽ <> l42-ΠϯδΣΫγϣϯ߈ܸ΁ͷରࡦʛ੬ऑੑΛѱ༻͢Δ࢓૊Έͱ۩ମྫzɼϚΧϑΟʔެࣜ ϒϩάɼ IUUQTCMPHTNDBGFFKQTRMJOKFDUJPOQSFWFOUJPOɼӾཡɽ <> /BHJNBSVɼl42-ΠϯδΣΫγϣϯͱΫΤϦͷॻ͖ํʹ͍ͭͯߟ͑Δzɼ2JJUBɼ IUUQTRJJUBDPNOBHJNBSVYYYJUFNTGFFFɼӾཡɽ <> lΫϩεαΠτεΫϦϓςΟϯάʢ944ʣzɼτϨϯυϚΠΫϩɼ IUUQTXXXUSFOENJDSPDPNKB@KQTFDVSJUZJOUFMMJHFODFSFTFBSDISFQPSUTUISFBU TPMVUJPOYTTIUNMɼӾཡɽ <> lΫϩεαΠτϦΫΤετϑΥʔδΣϦʢ$43'ʣzɼτϨϯυϚΠΫϩɼ IUUQTXXXUSFOENJDSPDPNKB@KQTFDVSJUZJOUFMMJHFODFSFTFBSDISFQPSUTUISFBU TPMVUJPODTSGIUNMɼӾཡɽ <> $IFMTFBɼlʲ1)1ʳ$43'ͱ͸ରࡦzɼ2JJUBɼ IUUQTRJJUBDPN$IFMTFBJUFNTFEFCCEGɼӾཡɽ <> lόϦσʔγϣϯzɼ*5༻ޠࣙయόΠφϦɼ IUUQTXXXTPQIJBJUDPNDPOUFOUόϦσʔγϣϯɼӾཡɽ

83. ࢀߟจݙ   <> lୈষ 8FCؔ࿈ٕज़ $"15$)"zɼ*1"ɼ IUUQTXXXJQBHPKQTFDVSJUZBXBSFOFTTWFOEPSQSPHSBNNJOHWDPOUFOUT IUNMɼӾཡɽ <>

    Ҫ্ًҰɼzʮࢲ͸ϩϘοτͰ͸͋Γ·ͤΜʯ"*Ͱಥഁ ଞͷσΟʔϓϥʔχϯάΑΓ lഒzޮ཰తͳϞσϧ͕ొ৔zɼ*5NFEJBɼ IUUQXXXJUNFEJBDPKQOFXTBSUJDMFTOFXTIUNMɼӾཡɽ <> lάʔάϧͷ࠷৽ʮSF$"15$)"ʯɺʮݟ͑ͳ͍ʯ࢓૊ΈͰਓؒͱϘοτΛࣗಈ൑ผzɼ $/&5
    +BQBOɼ IUUQTKBQBODOFUDPNBSUJDMFɼӾཡɽ <> lʮࢲ͸ϩϘοτͰ͸͋Γ·ͤΜʯબͿඞཁͳ͠ ৽ʮSF$"15$)"ʯ(PPHMF͕ެ։ɺ Ϣʔβʔ͸Կ΋͠ͳͯ͘0,zɼ*5NFEJBɼ IUUQXXXJUNFEJBDPKQOFXTBSUJDMFTOFXTIUNMɼӾཡɽ <> l44-ͱ͸ʁIUUQTͱ͸ʁ؆୯આ໌zɼ(MPCBM4JHOɼ IUUQTKQHMPCBMTJHODPNTTMQLJJOGPTTM@CFHJOOFSBCPVUTTMIUNMɼӾཡɽ <> l$FSUJGJDBUF
    "VUIPSJUZ
    .BSLFU
    4IBSF
    3FQPSUzɼ4FDVSJUZ
    4QBDFɼ IUUQXXXTFDVSJUZTQBDFDPNT@TVSWFZEBUBNBODBTVSWFZIUNMɼ Ӿཡɽ <> l)551઀ଓ͸શͯܯࠂදࣔʂৗ࣌44-Խͷഎܠʹ͋Δ(PPHMF
    $ISPNFಈ޲ͷ·ͱΊzɼ (MPCBM4JHO
    #MPHɼ IUUQTKQHMPCBMTJHODPNCMPHHPPHMFDISPNF@IUNMɼӾ ཡɽ

84. ࢀߟจݙ   <> l44-5-4ূ໌ॻແྉԽ͸ਐΉ͔ʁ ʙ-FUT
    &ODSZQUʹݟΔແྉ44-5-4ূ໌ॻͷ୆಄ͱ ͦͷ஫ҙ఺ʙzɼ(MPCBM4JHO
    #MPHɼ IUUQTKQHMPCBMTJHODPNCMPHGSFFTTMUMT@MFUTFODSZQUIUNMɼӾཡɽ <> lΫϥΠΞϯτূ໌ॻͱ͸ʁzɼ(MPCBM4JHOɼ

    IUUQTKQHMPCBMTJHODPNTFSWJDFDMJFOUDFSUBCPVU@DMJFOUDFSUIUNMɼӾ ཡɽ <> l+7/
    J1FEJB
    ੬ऑੑରԠσʔλϕʔεzɼ IUUQTKWOECKWOKQɼӾཡɽ <> ࡾྠ৴༤ɼlιχʔͷ৘ใ࿙Ӯʹѱ༻͞Εͨ42-ΠϯδΣΫγϣϯͱ͸zɼ೔ܦ Y5&$)ɼ IUUQTUFDIOJLLFJCQDPKQJUQDBSUJDMFDPMVNOɼ Ӿཡɽ

85. &/%