TECH |
Techable(テッカブル) |
大河ドラマへの導入実績も。自然な合成映像をリアルタイムに作るLEDディスプレイ・システム |
https://techable.jp/archives/205736
|
rubyf |
2023-05-08 23:00:32 |
Ruby |
Rubyタグが付けられた新着投稿 - Qiita |
【学習】Ruby on Rails チュートリアル 第7版 - 第1章ゼロからデプロイまで |
https://qiita.com/COYG_GINFF/items/aca3b1b6464b6a258e4f
|
rubyonrails |
2023-05-09 08:15:51 |
Git |
Gitタグが付けられた新着投稿 - Qiita |
Gitのブランチ名がメインだと思ったらマスターだった |
https://qiita.com/takegongon/items/c29840d1c5f7dbb5c510
|
gitconf |
2023-05-09 08:45:31 |
Ruby |
Railsタグが付けられた新着投稿 - Qiita |
【学習】Ruby on Rails チュートリアル 第7版 - 第1章ゼロからデプロイまで |
https://qiita.com/COYG_GINFF/items/aca3b1b6464b6a258e4f
|
rubyonrails |
2023-05-09 08:15:51 |
技術ブログ |
Developers.IO |
Shield Standard でログの分析可否や機能の有効、無効を切り替える方法があれば教えてください |
https://dev.classmethod.jp/articles/tsnote-shield-please-tell-me-if-log-analysis-is-possible-and-if-there-is-a-way-to-enable-or-disable-the-function-in-shield-standard/
|
shieldstandard |
2023-05-08 23:00:39 |
海外TECH |
DEV Community |
Auth.Tesla.com's Vulnerability Leads To Account Takeover of Internal Tesla Accounts |
https://dev.to/tutorialboy/authteslacoms-vulnerability-leads-to-account-takeover-of-internal-tesla-accounts-1fci
|
Auth Tesla com x s Vulnerability Leads To Account Takeover of Internal Tesla Accounts IntroductionThis is rewritten article from the bugcrowd report submitted by the security researcher Evanconnelly During participation in the Tesla Bug Bounty Program I was tasked with examining and evaluating the security of numerous Tesla web applications This process required me to generate multiple Tesla user accounts in order to thoroughly assess the potential vulnerabilities and weaknesses within the system On one particular occasion as I was in the process of establishing a new account my curiosity was piqued by the idea of attempting to register for an account using an email address that belonged to the Tesla domain itself I wondered whether the system had any built in security measures to prevent such a scenario and if not what potential implications this could have on the overall integrity of the platform So like Tesla s got a bunch of web apps and stuff For SSO to all these applications Tesla has two main identity providers IDPs auth tesla com for external users and sso telsa com for employees My security testing involves auth tesla com I found out that the external auth tesla com allows users to sign up for new accounts using tesla com and teslamotors com email addresses Also there is no email verification which means an account can be created with an email address to which I don t have access With further testing any attempt to register an external account with a valid internal Tesla email address reported that the email address was already taken So at best my thinking is that under the right conditions this could be used for pre account takeovers which is a fairly low impact issue How to exploit it in other ways So what about what is essentially the opposite of a pre account takeover If I were able to sign up for an account I have used in the past instead of creating an account with the email address I want to use in the future the account is no longer active on Tesla s internal IDP but may still have internally assigned privileges what about various web applications After the account is taken over if you wish I m fairly familiar with the Tesla Retail Tool TRT due to a bug I discovered earlier TRT stores confidential IT and business information such as network circuit information local device logins network logins for ISP and utility accounts financial information and details about current upcoming and previous Tesla locations such as lease terms internal and External contact information floor plans and interior photos of restricted areas of Tesla properties I know TRT allows access from internal and external accounts For authentication it takes a JWT that specifies an email address that is authenticated against a manually defined list of users in the application At Tesla s scale it would be difficult to manually update that list every time an employee leaves In theory it should be fine if past employees have defined access to the web app since their IDP accounts will be disabled or deleted so they won t be able to log into the app through Tesla s internal IDP But what if it was possible to register an external account using an internal email address of a former Tesla employee who could access TRT and gain access to the web application while the privileges were still assigned to the now defunct email address Will this give me a valid JWT and the victim s email address as if I were logging in through the internal IDP I used Google Dorks to search the LinkedIn profiles of ex Tesla employees in positions that should have had access to TRT especially sensitive information For example site linkedin com inurl in “field systems “tesla motors intitle tesla inurl postsThis finds the former on site IT personnel who should have access to network informationIn testing it was possible to register an account at auth tesla com external IDP using a former Tesla employee s email which still had privileges assigned in TRT I could then use the identity and permissions of a former employee whose internal IDP account may have been wiped to access the Tesla Retail Tool by creating an account on the public IDP with the same email address This made multiple attempts against multiple email addresses of the former employee Tesla has two Identity Providers IDPs auth tesla com for external users and sso telsa com for employees The Tesla Retail Tool TRT allows logins from both but does not check the IDP the user is logged into auth tesla com vs sso tesla com This is for Google Dorks I was able to identify the name and deduce the email address of the ex Tesla employee and then register an account with the external IDP using the email address of the ex employee whose account had been disabled on the internal IDP but who they Still have the privileges defined by TRT s internal Tesla email addresses and end up logging into TRT with those user s privileges TimelineNovember Submit bug reportsNovember Tesla verifies the vulnerability and begins the fix processNovember I notified Tesla and I can confirm that the account I created in the report no longer has access to TRTNovember Tesla is marked as resolved and bounty awarded Vulnerability disclosure address Source |
2023-05-08 23:45:55 |
海外TECH |
DEV Community |
React Suspense for Data Fetching with Axios in React 18 |
https://dev.to/alakkadshaw/react-suspense-for-data-fetching-with-axios-in-react-18-5c29
|
React Suspense for Data Fetching with Axios in React In this blog post we will what React Suspense is and how it can be used for Data Fetching in React React Suspense has been in the making for a long time but it has now been released as a stable feature part of Concurrent React and makes use of the new Concurrent rendering engine released in React Suspense allows displaying a fallback component until the child component has finished loading the data Let s build an application that uses Suspense along with Axios to fetch data from the jsonplaceholder API to display a list of Posts Dead Simple Chat allows you to add chat in your React Applications using powerful JavaScript Chat API and SDK With Dead Simple Chat you can add chat to your application in minutes Step Scaffold your React ApplicationWe will use create react app to scaffold our application open the terminal and cd into the directory where you want to scaffold the application and run the following command npx create react app react suspense democd react suspense demo Step Install AxiosNext to use Axios in our application we will install the Axios package using npm install npm install save axiosStep Create a custom hook for Suspense to workWe will first create a utility method to wrap the Axios request to work with React Suspense Create a file under the src folder called as useGetData js that will contain the code for our custom hook src useGetData jsimport useState useEffect from react import axios from axios const promiseWrapper promise gt let status pending let result const s promise then value gt status success result value error gt status error result error return gt switch status case pending throw s case success return result case error throw result default throw new Error Unknown status function useGetData url const resource setResource useState null useEffect gt const getData async gt const promise axios get url then response gt response data setResource promiseWrapper promise getData url return resource export default useGetData We created a utility method called the promiseWrapper to wrap the Axios request and then created a custom hook called as useGetData that we will use in our components to send HTTP Get requests using Axios The hook uses a state variable called as the resource to store resources we get after wrapping our Axios promise around our promiseWrapper method Our promiseWrapper method returns a function when called it runs the switch case on the current state of the promise and returns accordingly pending If the status of the promise is pending then it returns the promise itself This causes the React Suspense to trigger the fallback component success If the status of the promise if success then it returns the value returned after resolving the promise error If the status of the promise is error then it throws an error Step Creating PostsComponet to display a list of postsNow we will create a PostsComponet that will use our custom hook and call the jsonplaceholder typicode com posts API to fetch a list of mock posts src PostsComponent jsimport React from react import useGetData from useGetData function PostsComponent const data useGetData return lt div gt data amp amp data map post gt lt div key post id gt lt h gt post title lt h gt lt hr gt lt p gt post body lt p gt lt div gt lt div gt export default PostsComponent This component is very simple we are calling our custom hook useGetData and giving it an endpoint URL to fetch the list of posts Assing the result from the custom hook to a variable called as data and displaying it on the screen Step Wrapping our PostsComponent in SuspenseFinally it s time to use our PostsComponent in our application open App js and add the following code to the file src App jsimport React Suspense from react import PostsComponent from PostsComponent function App return lt div className App gt lt Suspense fallback lt div gt Loading Posts lt div gt gt lt PostsComponent gt lt Suspense gt lt div gt export default App We are adding the lt PostsComponent gt as a child to the lt Suspense fallback gt lt Suspense gt component The Suspense component has a fallback prop here you can pass a component that you want to display until the child component loads In our example we are showing just basic div which text Loading Posts You can see the working example here Step That s itWe have seen how to use Suspense for data fetching in React hopefully the above example was helpful in understanding how to use the Suspense component Adding Delay in Loading PostTo show clearly that our Suspense is working we can add a setTimeout in our promiseWrapper const promiseWrapper promise delay gt let status pending let result const s promise then value gt return new Promise resolve gt setTimeout gt status success result value resolve value delay catch error gt status error result error return gt switch status case pending throw s case success return result case error throw result default throw new Error Unknown status And we will also update our App js file and added LoadingScreen component to display a loading message src App jsimport React Suspense from react import PostsComponent from PostsComponent function LoadingScren return lt div gt lt h gt Loading Posts lt h gt lt h gt loading amazing posts for you to read lt h gt lt div gt function App return lt div className App gt lt Suspense fallback lt LoadingScren gt gt lt PostsComponent gt lt Suspense gt lt div gt export default App Here is the final result you can see the working example here Comparison without using SuspenseLet s also see how our code would have looked if we had not used React Suspense We would have used a combination of useEffect and useState to achieve similar results Our code PostComponent js would look like this src PostsComponent jsimport React useEffect useState from react import axios from axios function PostsComponent const data setData useState null const isLoading setIsLoading useState true useEffect gt async function fetchPosts const response await axios get setIsLoading false setData response data fetchPosts if isLoading return lt div gt Loading Posts lt div gt return lt div gt data amp amp data map post gt lt div key post id gt lt h gt post title lt h gt lt hr gt lt p gt post body lt p gt lt div gt lt div gt export default PostsComponent We have used the useEffect hook to make the API call to fetch the list of posts and set the result in a state variable that we will display To handle the loading state we have created a state variable called as isLoading and we are setting it to true by default once the posts are loaded we are updating the isLoading state variable to false Using JavaScript Chat SDK integrate in app chat in your React application in minutes Dead Simple Chat is a highly scaleable chat solution that can be used for any chat use case Handing Errors in Suspense with Error BoundariesReact Suspense has support for ErrorBoundaries we can wrap the Suspense component in an ErrorBoundary and the error thrown by the Suspense s Child Component will be gracefully handled by the ErrorBoundary component Let s update our example to use ErrorBoundary Create a file called as src ErrorBoundary js to hold our ErrorBoundary component import Component from react class ErrorBoundary extends Component constructor props super props this state hasError false static getDerivedStateFromError error return hasError true componentDidCatch error errorInfo Report the Error to Some Error Reporting Service console error Error error errorInfo render if this state hasError return this props fallback return this props children export default ErrorBoundary The ErrorBoundary can only be a class component the other components in our application can be as is functional components but just the ErrorBoundary component has to be the class component because the lifecycle methods componentDidCatch and getDerviedStateFromError are not available in functional components Our ErrorBoundary component accepts a fallback prop which is returned when an error is detected We can pass a component to the fallback prop and that component will be displayed in case of an error Finally we will update our App js code to use our ErrorBoundary component App jsimport React Suspense from react import ErrorBoundary from ErrorBoundary import PostsComponent from PostsComponent function LoadingScren return lt div gt lt h gt Loading Posts lt h gt lt h gt loading amazing posts for you to read lt h gt lt div gt function App return lt div className App gt lt ErrorBoundary fallback lt div gt Error Occurred when loading Post lt div gt gt lt Suspense fallback lt LoadingScren gt gt lt PostsComponent gt lt Suspense gt lt ErrorBoundary gt lt div gt export default App That s it Now when a network error occurs when loading the posts our ErrorBoundary will handle it and display our fallback component which is a div tag with a message ConclusionHopefully this post was helpful in understanding the concept of React Suspense We have looked at an example of how to use React Suspense with Axios to fetch data We also looked at the example of how we would have done data fetching without using Suspense and looked at an example of error handling using Suspense this article was originally written on DeadSimpleChat website React Suspense for Data Fetching with Axios in React |
2023-05-08 23:16:48 |
金融 |
金融総合:経済レポート一覧 |
金融政策決定会合議事要旨(2023年3月9、10日開催分) |
http://www3.keizaireport.com/report.php/RID/536606/?rss
|
日本銀行 |
2023-05-09 00:00:00 |
金融 |
金融総合:経済レポート一覧 |
FX Daily(5月5日)~強い米雇用統計結果を受けて、一時135円台に上昇 |
http://www3.keizaireport.com/report.php/RID/536607/?rss
|
fxdaily |
2023-05-09 00:00:00 |
金融 |
金融総合:経済レポート一覧 |
FOMC 今回の利上げをもって一旦打ち止め~更なる利上げはデータ次第。早期の利下げ転換はハードルが高いか:米国 |
http://www3.keizaireport.com/report.php/RID/536608/?rss
|
大和総研 |
2023-05-09 00:00:00 |
金融 |
金融総合:経済レポート一覧 |
明治期から戦後復興期までの日本銀行バランスシート:データの整理とその変遷 |
http://www3.keizaireport.com/report.php/RID/536609/?rss
|
戦後復興期 |
2023-05-09 00:00:00 |
金融 |
金融総合:経済レポート一覧 |
MUFG Focus USA(2023年5月3日):5月FOMC~0.25%ポイントの利上げを決定、声明文で利上げ停止の可能性を示唆 |
http://www3.keizaireport.com/report.php/RID/536610/?rss
|
mufgfocususa |
2023-05-09 00:00:00 |
金融 |
金融総合:経済レポート一覧 |
日本:高めの物価上昇率が続くも現状維持を決めた日本銀行 |
http://www3.keizaireport.com/report.php/RID/536611/?rss
|
三菱ufj銀行 |
2023-05-09 00:00:00 |
金融 |
金融総合:経済レポート一覧 |
金融不安の燻る中、利上げ継続も6月に利上げ停止の可能性(23年5月2、3日FOMC)~信用状況の引き締りが強ければ、6月以降政策金利を据え置きへ:Fed Watching |
http://www3.keizaireport.com/report.php/RID/536612/?rss
|
fedwatching |
2023-05-09 00:00:00 |
金融 |
金融総合:経済レポート一覧 |
金融デジタル化は金融包摂につながるか~日本における金融排除の潜在的なリスクに注視を:ESG投資 |
http://www3.keizaireport.com/report.php/RID/536613/?rss
|
大和総研 |
2023-05-09 00:00:00 |
金融 |
金融総合:経済レポート一覧 |
米FOMC(23年5月)~予想通り、0.25%利上げ、政策金利の据え置き方針を示唆:経済・金融フラッシュ |
http://www3.keizaireport.com/report.php/RID/536615/?rss
|
予想通り |
2023-05-09 00:00:00 |
金融 |
金融総合:経済レポート一覧 |
穏健な雇用統計をみてFedは利上げ停止へ:経済の舞台裏 |
http://www3.keizaireport.com/report.php/RID/536619/?rss
|
第一生命経済研究所 |
2023-05-09 00:00:00 |
金融 |
金融総合:経済レポート一覧 |
マレーシア中銀、インフレリスクを警戒して3会合ぶりに利上げ局面再開~先行きの政策運営の方向性に関する明言は避けるも、外部環境に左右される展開は避けられない:Asia Trends |
http://www3.keizaireport.com/report.php/RID/536621/?rss
|
asiatrends |
2023-05-09 00:00:00 |
金融 |
金融総合:経済レポート一覧 |
ブラジル中銀、利上げ局面の再開は「可能性低い」との認識を示す~政権内の利下げ要求に中銀は「けん制」するなど、高金利政策が維持される可能性は高い:World Trends |
http://www3.keizaireport.com/report.php/RID/536622/?rss
|
worldtrends |
2023-05-09 00:00:00 |
金融 |
金融総合:経済レポート一覧 |
5月ECB理事会レビュ~利上げ幅縮小も、まだすべきことがある:Europe Trends |
http://www3.keizaireport.com/report.php/RID/536623/?rss
|
europetrends |
2023-05-09 00:00:00 |
金融 |
金融総合:経済レポート一覧 |
FDIC報告書によるCBDCへの示唆:井上哲也のReview on Central Banking |
http://www3.keizaireport.com/report.php/RID/536624/?rss
|
reviewoncentralbanking |
2023-05-09 00:00:00 |
金融 |
金融総合:経済レポート一覧 |
FRBのパウエル議長の記者会見~No commitment:井上哲也のReview on Central Banking |
http://www3.keizaireport.com/report.php/RID/536625/?rss
|
nocommitment |
2023-05-09 00:00:00 |
金融 |
金融総合:経済レポート一覧 |
ECBのラガルド総裁の記者会見~More ground to cover:井上哲也のReview on Central Banking |
http://www3.keizaireport.com/report.php/RID/536626/?rss
|
moregroundtocover |
2023-05-09 00:00:00 |
金融 |
金融総合:経済レポート一覧 |
米地銀の次の破綻・買収候補を探す金融市場:経営リスクの指標は預金流出から株価下落に:木内登英のGlobal Economy & Policy Insight |
http://www3.keizaireport.com/report.php/RID/536627/?rss
|
lobaleconomypolicyinsight |
2023-05-09 00:00:00 |
金融 |
金融総合:経済レポート一覧 |
利上げ打ち止めの可能性を示唆したFOMC:先行きの不確実性は強まる:木内登英のGlobal Economy & Policy Insight |
http://www3.keizaireport.com/report.php/RID/536628/?rss
|
lobaleconomypolicyinsight |
2023-05-09 00:00:00 |
金融 |
金融総合:経済レポート一覧 |
ECBは予想通り0.25%の利上げ:利上げ継続を示唆も市場はピークが近いと認識:木内登英のGlobal Economy & Policy Insight |
http://www3.keizaireport.com/report.php/RID/536629/?rss
|
lobaleconomypolicyinsight |
2023-05-09 00:00:00 |
金融 |
金融総合:経済レポート一覧 |
公的年金の財政検証に向けて:ニッセイ年金ストラテジー |
http://www3.keizaireport.com/report.php/RID/536630/?rss
|
公的年金 |
2023-05-09 00:00:00 |
金融 |
金融総合:経済レポート一覧 |
【注目検索キーワード】金融リテラシー |
http://search.keizaireport.com/search.php/-/keyword=金融リテラシー/?rss
|
検索キーワード |
2023-05-09 00:00:00 |
金融 |
金融総合:経済レポート一覧 |
【お薦め書籍】1300万件のクチコミでわかった超優良企業 |
https://www.amazon.co.jp/exec/obidos/ASIN/4492534628/keizaireport-22/
|
転職 |
2023-05-09 00:00:00 |
ニュース |
BBC News - Home |
New GP plan asks more patients to use pharmacies |
https://www.bbc.co.uk/news/health-65488030?at_medium=RSS&at_campaign=KARANGA
|
pharmaciesthe |
2023-05-08 23:03:10 |
ニュース |
BBC News - Home |
Tom Hanks' debut novel lifts lid on movie industry, and his on-set behaviour |
https://www.bbc.co.uk/news/entertainment-arts-65404525?at_medium=RSS&at_campaign=KARANGA
|
james |
2023-05-08 23:04:00 |
ニュース |
BBC News - Home |
ChatGPT: Can students pass using AI tools at university? |
https://www.bbc.co.uk/news/education-65316283?at_medium=RSS&at_campaign=KARANGA
|
advice |
2023-05-08 23:51:43 |
ビジネス |
ダイヤモンド・オンライン - 新着記事 |
WSJ記者拘束、北米ユダヤ人連盟が米国務長官に書簡送付へ - WSJ発 |
https://diamond.jp/articles/-/322636
|
国務長官 |
2023-05-09 08:18:00 |
ビジネス |
ダイヤモンド・オンライン - 新着記事 |
中国当局、外資企業のスパイ行為への規制実施=CCTV - WSJ発 |
https://diamond.jp/articles/-/322635
|
cctvwsj |
2023-05-09 08:18:00 |
ビジネス |
ダイヤモンド・オンライン - 新着記事 |
グーグル、NYタイムズに3年間で1億ドル支払いへ - WSJ発 |
https://diamond.jp/articles/-/322637
|
支払い |
2023-05-09 08:06:00 |
マーケティング |
MarkeZine |
Z世代の6割以上がYouTuberの動画を毎日視聴 人気のジャンルは「エンタメ」【otalab調査】 |
http://markezine.jp/article/detail/42132
|
otalab |
2023-05-09 08:30:00 |
コメント
コメントを投稿