Security Features Provided by INTER-Mediator

2019/08/24: presentation materials for the INTER-Mediator "Grand" Study Meeting 2019 (INTER-Mediator《大》勉強会 2019)

Published in: Technology

  1. 1. INTER-Mediator 2019/08/24 INTER-Mediator 2019
  2. 2. • Web • INTER-Mediator • INTER-Mediator Training Course Agenda
  3. 3. Web
  4. 4. Web • https://www.ipa.go.jp/security/vuln/websecurity.html IPA
  5. 5. • SQL • OS • •
  6. 6. • XSS • CSRF • HTTP
  7. 7. • • • •
  8. 8. INTER-Mediator
  9. 9. XSS • INTER-Mediator HTML <td colspan="3" class="grayback" data-im="messageauth@message">
  10. 10. innerHTML • innerHTML <td colspan="3" class="grayback" data-im="messageauth@message@innerHTML">
  11. 11. CSRF • params.php $webServerName • • Web FQDN
  12. 12. CSRF • params.php $webServerName $webServerName = array('inter-mediator.com', 'inter-mediator.info');
  13. 13. CSRF • X-From Origin http://hasegawa.hatenablog.com/entry/20130302/p1
  14. 14. • params.php $xFrameOptions • • $xFrameOptions = 'SAMEORIGIN';
  15. 15. INTER-Mediator • • • •
  16. 16. INTER-Mediator • INTER-Mediator • LDAP OAuth2
  17. 17. INTER-Mediator • authuser authgroup authcor • - issuedhash
  18. 18. IM_Entry( array(array( 'name' => 'chat', 'key' => 'id', 'authentication' => array('all' => array('target' => 'field-user', 'field' => 'user',),), 'protect-writing' => array( 'user' ), ),), array( 'authentication' => array( 'user' => array('user1'), 'group' => array('group2'), ), ), array('db-class' => 'PDO'), false );
  19. 19. • authentication user
  20. 20. • authentication group
  21. 21. • authentication target field
  22. 22. • target field-user field • target field-group field
  23. 23. • params.php • $contentSecurityPolicy • $generatedPrivateKey • $passwordPolicy
  24. 24. • INTER-Mediator Training Course • Chapter 7 • Chapter 8
  25. 25. • SSL/TLS • HTTP • SSL/TLS HTTPS
  26. 26. SSL • HTTP HTTPS • SSL/TLS SSL • Let's Encrypt
  27. 27. INTER-Mediator Training Course
  28. 28. • INTER-Mediator • ePub • INTER-Mediator-ServerVM
  29. 29. • extending-class • .php
  30. 30. IM_Entry( array( array( "name" => "salesitems", "view" => "items", "query" => array( array("field" => "year", "operator" => "=", "value" => "2016"), ), "extending-class" => "AdditionalProccess", ),
  31. 31. PHP <?php class AdditionalProccess implements Extending_Interface_BeforeRead, Extending_Interface_AfterRead { public function doBeforeReadFromDB() { } public function doAfterReadFromDB($result) { /* */ return $result; } }
  32. 32. • INTER-Mediator Training Course Chapter 8
  33. 33. • Web • •
