投稿時間:2021-05-17 01:27:54 RSSフィード2021-05-17 01:00 分まとめ(33件)

カテゴリー等	サイト名等	記事タイトル・トレンドワード等	リンクURL	頻出ワード・要約等/検索ボリューム	登録日
IT	ITmedia 総合記事一覧	[ITmedia News] 納税用QRコードを誤掲載　大阪・泉南市　自動車会社向け決済に	https://www.itmedia.co.jp/news/articles/2105/17/news043.html	itmedia	2021-05-17 00:25:00
python	Pythonタグが付けられた新着投稿 - Qiita	動画を撮り回すためのプログラム.py	https://qiita.com/wanko-soba/items/ffde1caddd96b65515b1	そのため、今後はそういった操作を省けるようなプログラムを書いて、もっと効率的かつ使いやすくしたいと思いました。	2021-05-17 00:55:03
js	JavaScriptタグが付けられた新着投稿 - Qiita	素人がGW中に履歴書作成ウェブアプリを作ってみたよ	https://qiita.com/bonji/items/dab124e871a1a154beb6	作った履歴書はHTML、PDF、印刷が可能です。	2021-05-17 00:47:03
Program	[全てのタグ]の新着質問一覧｜teratail（テラテイル）	怪しいサイトの調査方法。WHOIS、CloudFlareでのIP等の情報秘匿、について教えてください。	https://teratail.com/questions/338676?rss=all	【質問①】ドメインから調べて、WHOIS情報は以下のように出ています。	2021-05-17 00:45:27
Program	[全てのタグ]の新着質問一覧｜teratail（テラテイル）	Android11でのファイルピッカー	https://teratail.com/questions/338675?rss=all	Androidでのファイルピッカーお世話になります。	2021-05-17 00:35:39
Program	[全てのタグ]の新着質問一覧｜teratail（テラテイル）	Java：１つのファイルで複数のpublicクラスを記述するとエラーになる理由	https://teratail.com/questions/338674?rss=all		2021-05-17 00:35:28
Program	[全てのタグ]の新着質問一覧｜teratail（テラテイル）	Cordova10にアップデートしてからAjaxでCORSのエラー	https://teratail.com/questions/338673?rss=all	CordovaにアップデートしてからAjaxでCORSのエラー概要Cordovaで動作していましたが、Cordovaにアップグレードしたら、動作しなくなりました。	2021-05-17 00:21:04
Program	[全てのタグ]の新着質問一覧｜teratail（テラテイル）	05/16のAtCoderRegularContestのA問題について	https://teratail.com/questions/338672?rss=all	のAtCoderRegularContestのA問題について今回競プロを初めてやりました。	2021-05-17 00:18:21
Program	[全てのタグ]の新着質問一覧｜teratail（テラテイル）	【Java】ラムダ式（関数型インターフェース）が引数のメソッドの挙動がよくわからない	https://teratail.com/questions/338671?rss=all	【Java】ラムダ式関数型インターフェースが引数のメソッドの挙動がよくわからないラムダ式関数型インターフェースが引数のメソッドの挙動がよくわかりません。	2021-05-17 00:13:42
Program	[全てのタグ]の新着質問一覧｜teratail（テラテイル）	VBAでプッシュ通知させる設定がググってみても見つかりません。	https://teratail.com/questions/338670?rss=all	通知	2021-05-17 00:05:02
Ruby	Rubyタグが付けられた新着投稿 - Qiita	オリジナルアプリ開発【topページの表示】	https://qiita.com/kyohhh/items/22a0ca6656d9ffe96400	コントローラーの名称は先程設定したルーティングでtopと指定したので、topコントローラーを作成していきます。	2021-05-17 00:00:35
AWS	AWSタグが付けられた新着投稿 - Qiita	lsyncdとrsyncを使用したサーバ間ファイル同期	https://qiita.com/latin1/items/842074412c9b4c9c5279	lsyncdとrsyncを使用したサーバ間ファイル同期はじめにlsyncdとrsyncを用いてAWS上に構築したサーバ台でファイル同期をします。	2021-05-17 00:03:20
Git	Gitタグが付けられた新着投稿 - Qiita	Git Hubリポジトリとのやりとり	https://qiita.com/ny3line/items/7e07bc3477d70bc7f943	GitHubリポジトリとのやりとりGitHubとのやりとりをする際に使うコマンドリモートの中身を確認する時remotegitremoteremoteの名称が表示されるgitremotev対応するURLを表示リポジトリを複数持つ時に使うコマンドremoteaddgitremoteaddltリモート名gtltリモートURLgt例↓↓↓gitremoteaddtutorialtutorialというショートカットでURLのリモートリポジトリを登録できる手順としては自分のgithubホームページに行って、新しいリポジトリを作成使い方としては、バックアップ用や別のリポジトリで開発したい時などリモートリポジトリとして運用することが多いリモートから情報を取得する方法大きく分けて二つの方法があるが、使い分けすることが大切で、ここも間違えると大変なことになることもあるので注意して使うfetchを使って取得するfetchgitfetchltリモート名gtgitfetchoriginこのコマンドで行われていることで注意しなきゃいけない点は、リモートリポジトリからローカルリポジトリに情報が落ちてきているだけでワークツリーには何も影響が起きていないという点です実際は、ローカルリポジトリの中のremotesリモート名ブランチ名に保存されているローカルリポジトリの情報をワークツリーに反映させたい時gtそのmergegitmergeltリポジトリ名gtltブランチ名gtgitmergeoriginmasterこうすることでoriginリポジトリのmasterブランチの情報をマージすることができる中身を一応確認したい時は、lsコマンドなどやcatコマンドを使って確認したりすればOKローカルリポジトリの情報をワークツリーに反映させたい時gtそのpullgitpullltリモート名gtltブランチ名gtgitpulloriginmaster上記コマンドは省略可能でgitpullでもOKでpullコマンドは下記のコマンドを一発で行っていることに注意gitfetchoriginmastergitmergeoriginmaster基本的にはフェッチを使うのがベターなぜかというと、pullコマンドの挙動が特殊だからです仮に現在ブランチがmasterブランチとhogeブランチの二つあったと仮定して話しを進めます。	2021-05-17 00:32:27
Ruby	Railsタグが付けられた新着投稿 - Qiita	オリジナルアプリ開発【topページの表示】	https://qiita.com/kyohhh/items/22a0ca6656d9ffe96400	コントローラーの名称は先程設定したルーティングでtopと指定したので、topコントローラーを作成していきます。	2021-05-17 00:00:35
技術ブログ	Developers.IO	【レポート】AWS サービスで実現する継続的インテグレーション/継続的デリバリー（CI/CD）入門 #AWS-30 #AWSSummit	https://dev.classmethod.jp/articles/awssummit-2021-aws-30/	awsawssummit	2021-05-16 15:30:53
海外TECH	DEV Community	Getting started with Next.js + Strapi: Security first	https://dev.to/rubenmarcus/getting-started-with-next-js-strapi-security-first-3380	Getting started with Next js Strapi Security first Why worry about Security Before starting to see about Strapi s Content Types before looking at Next js file and route structure it s good to discuss Security A concern that usually is not followed up with due attention in certain teams and that can cause a very high cost when a project is put into production This article is another introductory article to the Next js Strapi stack we will also cover TypeScript Data Fetch Layouts CI CD and Deploy but first of all we will cover security Below we will discuss the most common security errors in web applications and how to mitigate or fix them in our Strapi Next js application XSS CRSF XSS or Cross Site Scripting is a malicious technique to inject code into our application and circumvent security to hijack data or manipulate a user s session for example CRSF or Cross site request forgery is when someone uses a malicious technique to get through a request either via Postman or browser to reach our database delete user data for example steal session data like credit card addresses etc among other things Click Jacking Do you know when you open pages that tend to trick the user into typing data and in the end they end up sending that data to people they want to use maliciously Or that they may have malware or exploits and install them on the user s machine Common vulnerabilities in Rest APIS DOS amp DDOS Denial of Service When a hacker wants to take down an API application or website he can fire bulk requests for that API or endpoint Exposure of Sensitive Information When we expose sensitive user data especially without encryption in our API Ids emails addresses payment information etc MIM Man in the Middle attacks When a hacker tries to intercept client and server communication with the intention of stealing data SQL Injection Injection of code that changes the expected behavior of the API and the Database Through an injection a hacker is able to steal information break the API change its operation Insecure Direct Object References When you expose an API with endpoints like user id and a user tries to access an ID that does not compete with it and succeeds you are exposing Direct References for insecure objects Common vulnerabilities in GraphQL APIS graphql query schema types name fields name If your GraphQL API is public only with a query like this the user who uses it can see the entire schema of your APIMalicious Queries Hackers can mount malicious queries whether to steal data corrupt your database or bring down your API serverBrute Force To avoid problems with hackers trying to break the data in your GraphQL API you can use plugins like GraphQL Rate Limit which will limit how many times the vulnerable fields of your query can be executed in a time interval How to avoid all this On Strapi Understanding the Strapi Configuration file amp its security Strapi has rich documentation that shows us how to guarantee the security of the CMS It has configurations for XSS PP Hsts X Frame Options Clickjacking CORS very useful to define which domains can access your application which headers can be exposed IP Can configure which IPS see or not your application Credential Injection Use a env file to avoid injecting credentials in the middle of your codeValidation You can create a middleware to validate that your application data already exists and will not be duplicated or you can also use a lib like Joi to validate your API fields but Strapi already has some native validations that you can define in your API models only if you use MongoDBRoles amp Permissions Ideally you should create documentation for your API on which permissions and endpoints you will enable so that you don t end up making the mistake of allowing everything and offering risk to your API dataPolicies You can set your API s policies directly in Strapi s code through config policies for global Policies and api config policies for local endpoints It is an extra layer of security for your Strapi application To set policies with GraphQL Strapi s documentation has a page dedicated to that Data Leak You can pass a private true parameter within the parameter in your API model to remove the value of being accessed by anyone Click here to learn moreJWT you can require the user to access sensitive endpoints of your application to be logged in and use JWT Exposure of Sensitive Information Strapi allows to edit the controllers which information can be accessed in the calls of the endpoints You can delete certain fields and parameters from the results In GraphQL DOS Denial of Service You need to limit your queries A malicious hacker if discovered its GraphQL API can mount a series of queries that can overload your server This is a great article on the Apollo blog that teaches some cases of malicious queries and how to avoid them Setting Policies for Queries You have to customize the Schema of your GraphQL API setting the desired policies to have control of who or how to access what in your APIUnauthorized access You need to disable the GraphQL Playground which is already disabled in the production version of Strapi you can disable it for other environments here then your GraphQL endpoint is not maintained by a route but by middleware It is necessary to create a new middleware which will check if the endpoint we want is graphql and if the authenticated user is what we want module exports strapi gt return initialize strapi app use async ctx next gt const handleErrors ctx err undefined type gt if ctx request graphql null return ctx request graphql strapi errors type err return ctx type err check if it s a graphql request if ctx request url graphql amp amp ctx request method POST if ctx request amp amp ctx request header amp amp ctx request header authorization try get token data const id await strapi plugins users permissions services jwt getToken ctx if id undefined throw new Error Invalid token Token did not contain required fields check if the id match to the user you want if id my user id return handleErrors ctx You are not authorized to access to the GraphQL API unauthorized catch err return handleErrors ctx err unauthorized else if no authenticated return an error return handleErrors ctx You need to be authenticated to request GraphQL API unauthorized await next To be authenticated you need to send a JWT in the header See here in Strapi s authentication documentation how to do it In Next js Validating fields The validation of form fields is not only used to guide your users but also to guarantee the integrity of the information transmitted from the client to the server This prevents a series of malicious codes from being entered into our Services The user can still try to manipulate the data by editing the HTML in DevTools but that is another problem CRSF Passing the parameter Content Type application JSON in our requests forces our application not to use simple requests and protects against attacksXSS This guide is very useful and shows some rules that it is good to follow when developing our front end application so as not to have a headache afterward on security and XSS issues This Next js plugin also helps to implement XSS Protection helping the browser to sanitize vulnerable areas of your application Security Headers amp ClickJacking Using X Frame Options DENY or SAMEORIGIN you prevent third parties from being able to run your Next js application within a frame The next secure headers plugin helps you with that In addition to implementing FrameGuard it also implements XSS Protection contentSecurityPolicy nosniff noopen forceHTTPSRedirect referrerPolicy expectCT JWT amp Rolling Tokens You can implement JWT for the authentication of your App to guarantee the integrity of your API and access to it this is a good tutorial that teaches thisMore NextAuth js A plugin to help you with security in the authentication of your Next js app SSL One step before we publish our site for production is to set our domain and server to the HTTPS protocol HTTPS protects our requests from being targeted by Man In the Middle attacks and is also crucial for SEO as it impacts Google s ranking Some ways to get free SSL certificates for your website are to use the service of Lets EncryptSSL For FreeAWS Certificate ManagerZeroSSLCloudFlare SSL APIS Caching Although it is not only a concern with security but also with performance APIS caching can be recommended so that your site can work even in offline environments but when it comes to dynamic data it ends up being not recommended only for data that is not constantly change This is a topic that requires an article just for him but if you feel interested in knowing more about it I recommend reading the following articles Web dev Cache API Quick GuideAmazon API Gateway API CachingUsing Cloudflare with your APIGraphQL Caching Strapi s Safety Roadmap The Strapi team is planning some features that can help in future releases on security issues This is the Product Board link In it we see that the Strapi team plans features such as FA Two factor authentication Rolling Token JWT SSO Google Twitter Facebook GitHub among others that are already being tested as Permissions and Rules per user and Permissions at field levels Checking tools There are some sites and tools on the web that test how secure our application is Below are some of them Sentry Sentry is a tool for monitoring web apps errors It supports several technologies and platforms It can be easily integrated with GraphQL Strapi or Next js It has a free version for developers Sqreen Sqreen is a webapps security monitoring platform It can bring real time data from potential exploits protect you from attacks and malicious activities Strapi supports Sqreen First create a Sqreen trial accountSecond set up your organization on the Sqreen dashboardThird set up Sqreen on StrapiIn Next js you can also use Sqreen but the configuration is a little more complicatedFirst create a Sqreen trial account Second set up your organization on the Sqreen dashboard The third configure Next js to use a Custom ServerConfigure Sqreen for Node jsLGTM LGTM is an open source tool used by major players in the market such as Google Microsoft Nasa and Dell which checks for vulnerabilities in your code through a repository on Github or BitBucket It has an automatic code review tool and is very powerful it has alerts to warn you about problems in the code and also comparisons and history SonarCloud SonarQube is a very powerful tool that not only checks for bugs and vulnerabilities in your code but also some parameters like Code maintainability Test Coverage Codesmells Code duplication it analyzes your code and can stop a P R or M R on Github GitLab Azure DevOps or BitBucket if it does not reach the expected code quality SonarCloud also has a plugin for IDES that checks in real timeMozilla Observatory Mozilla tool that will help bring Insights about the security of your website DigiCert SSL Tools It will check your SSL certificate data show possible vulnerabilities the Certificate Chain and the Server Configuration Qualys SSL Labs Tool a little more complete than that of DigiCert Pen test Tool Website Vulnerability Website that has SQL Injection checking XSS Inclusion of files Execution of remote commands however it is paid Sucuri SiteChecker Sucuri is well known in the world of web security Detects if your site is blacklisted on Google if it has unsafe links among other security parametersWell guys thanks if you got here and had patience the intention was to have given you a general idea of how to mitigate and solve various security and vulnerability problems in web applications with Next js and Strapi before we started using Stack being that the concepts mentioned here can be used and verified in any web application not only with Node js and JavaScript TypeScript but with other languages and that use Rest APIs or GraphQL Apis This is a very extensive subject that could yield several articles but I tried to summarize in this one References Strapi VulnerabilitiesVulnerabilities in Next jsCross Site Scripting Prevention Cheat SheetClickjackingSecuring your GraphQL API from Malicious QueriesGraphQL NoSQL Injection through JSON TypesGraphQL Injection	2021-05-16 15:03:00
海外ニュース	Japan Times latest articles	Objections from experts forced Suga to take a U-turn on virus emergency	https://www.japantimes.co.jp/news/2021/05/16/national/suga-about-face-state-emergency/	minister	2021-05-17 01:53:24
海外ニュース	Japan Times latest articles	Tougher COVID-19 steps begin in six prefectures amid virus surge	https://www.japantimes.co.jp/news/2021/05/16/national/coronavirus-emergency-quasi-japan/	Tougher COVID steps begin in six prefectures amid virus surgeHokkaido Okayama and Hiroshima prefectures joined the state of emergency while quasi emergency measures were expanded to Gunma Ishikawa and Kumamoto prefectures	2021-05-17 01:55:43
海外ニュース	Japan Times latest articles	Taiwan and Singapore, COVID-19 success stories, face threats	https://www.japantimes.co.jp/news/2021/05/16/asia-pacific/singapore-taiwan-restrictions/	Taiwan and Singapore COVID success stories face threatsThe regression of COVID control progress shows the difficulty of sustaining a virus free environment especially when a low level of threat made locals reluctant to	2021-05-17 00:42:12
海外ニュース	Japan Times latest articles	Rainy season in western Japan arrives earlier than ever	https://www.japantimes.co.jp/news/2021/05/16/national/rainy-season-record-start/	season	2021-05-17 00:36:22
海外ニュース	Japan Times latest articles	Government panel warns of widening gender gap in Japan due to pandemic	https://www.japantimes.co.jp/news/2021/05/16/national/social-issues/gender-gap-growing-pandemic/	Government panel warns of widening gender gap in Japan due to pandemicIn a report the panel of experts said the crisis has led to an increase in domestic violence cases and suicides among women while also	2021-05-17 00:18:47
海外ニュース	Japan Times latest articles	Kagoshima struggles to capitalize on matcha might despite being top producer	https://www.japantimes.co.jp/life/2021/05/16/food/kagoshima-green-tea/	Kagoshima struggles to capitalize on matcha might despite being top producerDespite official figures showing the area has overtaken Shizuoka Prefecture in terms of production it is still working on nationwide appeal	2021-05-17 02:00:25
海外ニュース	Japan Times latest articles	Regulators may be doing Alibaba a favor after all	https://www.japantimes.co.jp/opinion/2021/05/16/commentary/world-commentary/regulators-do-alibaba-a-favor/	Regulators may be doing Alibaba a favor after allOf great concern is that this core business once again contributed all of the operating profit because the rest of Alibaba s divisions remain a drag	2021-05-17 00:57:08
海外ニュース	Japan Times latest articles	Russia’s bear economy	https://www.japantimes.co.jp/opinion/2021/05/16/commentary/world-commentary/russia-economy-vladimir-putin-sanctions-gdp/	russia	2021-05-17 00:53:23
ニュース	BBC News - Home	Covid: Increasing confidence jabs work against Indian variant	https://www.bbc.co.uk/news/uk-57134181	hancock	2021-05-16 15:33:05
ニュース	BBC News - Home	Israel Gaza conflict: Deaths mount in Gaza as UN meeting begins	https://www.bbc.co.uk/news/world-middle-east-57131272	emergency	2021-05-16 15:04:46
ニュース	BBC News - Home	Heysham explosion: Child dies and four adults injured in Lancashire blast	https://www.bbc.co.uk/news/uk-england-lancashire-57132505	early	2021-05-16 15:10:23
ニュース	BBC News - Home	Princess Diana: BBC postpones Panorama film on interview with Martin Bashir	https://www.bbc.co.uk/news/uk-57135567	issue	2021-05-16 15:18:48
ニュース	BBC News - Home	Eurovision 2021: How this year's acts are aiming for a Covid-safe contest	https://www.bbc.co.uk/news/newsbeat-57079037	rotterdam	2021-05-16 15:21:29
ニュース	BBC News - Home	Tottenham boost European hopes with win over Wolves	https://www.bbc.co.uk/sport/football/57044630	wolves	2021-05-16 15:46:39
ニュース	BBC News - Home	Covid-19 in the UK: How many coronavirus cases are there in your area?	https://www.bbc.co.uk/news/uk-51768274	cases	2021-05-16 15:22:39
北海道	北海道新聞	プロデューサー沢田隆治さん死去　「てなもんや三度笠」	https://www.hokkaido-np.co.jp/article/544492/	沢田隆治	2021-05-17 00:09:00
ニュース	THE BRIDGE	南米向けシード特化「BVC」、2号ファンドがファーストクローズ——新投資先にデジタルレストランやネオバンク	http://feedproxy.google.com/~r/SdJapan/~3/V2XroaMwFwE/brazil-venture-capital-2nd-fund-first-close	南米向けシード特化「BVC」、号ファンドがファーストクローズー新投資先にデジタルレストランやネオバンク年のブラジルにおけるスタートアップ投資は億米ドルに達し前年比で割ほど上昇、年のユニコーンの数は前年から社増えて社となった。	2021-05-16 15:30:04