June 17, 17
Slide overview
2017/06/17 FileMaker Pro Tokyo Users Meeting, lightning talk (LT) presentation material
Web Application Developer / kintone CERTIFIED App Design Specialist 2020 / kintone CERTIFIED Customization Specialist 2020
FileMaker Server 16 and HSTS
2017/06/17 FM-Tokyo lightning talk presentation material
Atsushi Matsuo (Emic Corporation)
FileMaker Server 16
FileMaker Server 16
• Released in May 2017
• Includes improvements related to SSL/TLS
• One of them is HSTS
FileMaker Server 16 and HSTS
• In the Admin Console ([Database Server] > [Security]), a new checkbox, [Use HSTS for web clients], has been added
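HSTS
• Short for HTTP Strict Transport Security
• The web server tells the web browser to communicate over HTTPS instead of HTTP from the next request onward
• One of the settings normally configured on the web server side when moving a site to always-on SSL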
SSLLabs SSL Server Test
• Score before applying HSTS
• Score after applying HSTS
(Introducing HSTS raises a score of A to A+ / as of June 17, 2017)
Example HTTP header
• Strict-Transport-Security: max-age=31536000; includeSubDomains
• In the example above, the period during which HSTS is applied is 31,536,000 seconds (365 days)
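Deleting the HSTS cache
• Normally, setting the max-age value to 0 on the web server side invalidates the cache
• Strict-Transport-Security: max-age=0;
• However, when the connection is HTTP rather than HTTPS, the web browser ignores the Strict-Transport-Security response header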
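Deleting the HSTS cache
• In Chrome, enter "chrome://net-internals/#hsts" in the address bar
• Enter the domain name in the Delete Domain text field and click the [Delete] button
Related information
• Preloaded HSTS (HSTS Preload)
• With HSTS, HTTPS is not enforced on the first visit
• There is also a way to have the web browser itself carry a list of domains to connect to with HSTS
Summary
• When SSL is enabled on FileMaker Server 16, HSTS is normally enabled along with it (optional)
• Introducing SSL requires a certificate purchased from a certificate authority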