投稿時間:2023-07-13 18:28:41 RSSフィード2023-07-13 18:00 分まとめ(29件)

カテゴリー等 サイト名等 記事タイトル・トレンドワード等 リンクURL 頻出ワード・要約等/検索ボリューム 登録日
ROBOT ロボスタ 会話ロボットとデジタルサイネージが連携 ユカイ工学が不動産内見案内を「リフォーム産業フェア2023」で公開へ https://robotstart.info/2023/07/13/bocco-emo-link-digital-signage.html 会話ロボットとデジタルサイネージが連携ユカイ工学が不動産内見案内を「リフォーム産業フェア」で公開へシェアツイートはてブユカイ工学は、年月日日にかけて東京ビッグサイトで開催される「リフォーム産業フェア」に出展。 2023-07-13 08:21:20
IT ITmedia 総合記事一覧 [ITmedia News] 運転士の白手袋や行路票など…… JR東「運転士スターターキット」発売 「トレインシミュレータと一緒に」 https://www.itmedia.co.jp/news/articles/2307/13/news171.html itmedia 2023-07-13 17:27:00
AWS lambdaタグが付けられた新着投稿 - Qiita API Gateway + CognitoでWebサイトからバックエンドの処理を呼び出す https://qiita.com/mkttks/items/bb277e01c2dad6e1ee45 amazondynamodb 2023-07-13 17:29:16
python Pythonタグが付けられた新着投稿 - Qiita Groverのアルゴリズムで簡単なパズルを解く https://qiita.com/mi_yuyu/items/7a5756c8462fad8eefc3 grover 2023-07-13 17:41:01
python Pythonタグが付けられた新着投稿 - Qiita DataStaxによる生成AIへのアプローチ https://qiita.com/yoshiyuki_kono/items/92ac94e8e4071b960724 datastax 2023-07-13 17:13:26
Ruby Rubyタグが付けられた新着投稿 - Qiita 【Rails7】rails/request.jsでAjax制御する https://qiita.com/BRSF/items/50b6a0d4941d59d58b14 jquery 2023-07-13 17:06:36
AWS AWSタグが付けられた新着投稿 - Qiita 【まとめ】ターゲット追跡スケーリングポリシー https://qiita.com/kokichi8/items/f192817bf1b9ef166ee7 ecautoscalli 2023-07-13 17:53:48
AWS AWSタグが付けられた新着投稿 - Qiita API Gateway + CognitoでWebサイトからバックエンドの処理を呼び出す https://qiita.com/mkttks/items/bb277e01c2dad6e1ee45 amazondynamodb 2023-07-13 17:29:16
Ruby Railsタグが付けられた新着投稿 - Qiita 【Rails7】rails/request.jsでAjax制御する https://qiita.com/BRSF/items/50b6a0d4941d59d58b14 jquery 2023-07-13 17:06:36
技術ブログ Developers.IO Prismaで継続的ににER図が更新される仕組みを試してみました https://dev.classmethod.jp/articles/prisma_er_diagram_auto_generation/ prisma 2023-07-13 08:44:42
技術ブログ Developers.IO NewRelicのAPM(Ruby)用の検証環境を、EC2上のRedmineに構築してみた https://dev.classmethod.jp/articles/newrelic-ruby-apm/ newrelic 2023-07-13 08:35:37
技術ブログ Developers.IO 【アンケートデータ可視化】データ加工をやってみた~Power Query編~ https://dev.classmethod.jp/articles/enquete-etl-power-query/ kariya 2023-07-13 08:35:07
海外TECH DEV Community Exploring Cross-Site Scripting with React and Tauri https://dev.to/crabnebula/exploring-cross-site-scripting-with-react-and-tauri-2aoa Exploring Cross Site Scripting with React and Tauri What is Cross Site Scripting Cross Site Scripting or in short XSS occurs when an attacker can control and execute JavaScript in the context of a website Facilitating JavaScript on websites is very common and there are multiple methods for attackers to execute their own code instead of the intended legitimate JavaScript code of the website There are several types of XSS attacks stored reflected and self Let s dig into these deeper One type is a stored XSS For instance a website may load content from various sources such as files remote sources or database entries and construct the website s DOM or just parts of it and execute it in the visitor s context An attacker has the ability to modify these sources to trick the website into loading their own JavaScript from this stored content Another common type of XSS is reflected where an attacker controls an URL parameter like a search query in a search engine By visiting this link containing the malicious parameter values the code is executed in the context of the website A third type of XSS is one that does not rely on URL parameters or remote sources instead attackers trick users into copy pasting encoded input into a website s input forms causing the script to execute This is called self XSS because only you are able to insert and execute the malicious content Understanding these three common types of XSS helps developers protect their applications against potential attacks How Does React Prevent This React s approach to fix XSS vulnerabilities is to prevent it by design This is similar to how Rust addresses memory safety issues and prevents a complete class of bugs by default In React data passed is not immediately rendered in the website context Instead it is first prepared in a Virtual Document Object Model DOM and only the dynamic content is attached to elements like text nodes This makes it nearly impossible to execute JavaScript that is not already present when building the Virtual DOM With this design the only way script execution could occur is if a malicious JavaScript file is loaded during the application build which is not a typical XSS attack method React s default safety features prevent XSS attacks However developers may still need to directly access or manipulate the DOM which can introduce vulnerabilities if not handled carefully How Can You Still Get XSS in React In React developers typically control nodes and their content within the Virtual DOM tree using the framework but occasionally they may need to manipulate it directly There are several methods for doing this but some can introduce vulnerabilities One such method is dangerouslySetInnerHTML which as the name implies is dangerous if not used carefully Developers should only pass any input into this function when they can ensure it is trusted HTML content as it s directly rendered and bypassing the Virtual DOM Similarly using innerHTML can also lead to XSS vulnerabilities Additionally if a src attribute is set to a user controlled input it can result in script execution For example if an attacker s URL containing JavaScript is set as the source it can lead to an XSS attack Another less common way is if the application exposes the ability to manipulate or create a React template which is then executed To mitigate these risks developers must exercise caution when manipulating the DOM directly in React applications If these features are not used it s highly likely that an application is not vulnerable to XSS which is a significant advantage in comparison to websites not facilitating a framework like React XSS Vulnerabilities Impact in the Browser vs Tauri ApplicationsXSS attacks in websites rendered in a web browser allow attackers to execute JavaScript code in the website context which permits them to emulate or modify the website s actions For example if an attacker compromises Google they could steal a user s Google cookie monitor their search queries and track their browsing activity However further actions are limited by browser sandboxes which act as a security measure Browser vendors invest heavily in sandboxing technology and maintain large security teams to ensure the safety of their users As a result the potential damage caused by XSS attacks in browsers is restricted by these sandboxes which helps to protect users from more harmful consequences Tauri applications provide similar built in sandboxing capabilities These are mostly secure by default and can be fine grained configured by the developer of the application However Tauri developers may not have the same level of security expertise as large well funded teams that develop in browsers using sandboxes As a result Tauri apps are more likely to expose features which can be abused in XSS based attacks which can lead to more significant consequences than in browser attacks In the worst case scenario an attacker could gain remote code execution privileges on a user s computer which is a highly undesirable outcome Therefore understanding and preventing XSS vulnerabilities in Tauri applications is crucial for developers to ensure the security of their users As prevention is only one layer it is necessary to configure the Content Security Policy to limit the impact of such an attack Another layer of defense is the Tauri configuration which allows to limit system access by using scopes for the enabled endpoints If all of these layers are implemented correctly the impact of XSS in a Tauri application is greatly reduced and should contain the attack to the access level of the application SummaryInsights on Cross Site Scripting XSS in React js provides a valuable understanding of how the popular front end framework addresses potential vulnerabilities React s approach to XSS defense makes it more difficult for attackers to execute malicious JavaScript in a website s context It s crucial to recognize the risks of directly manipulating the DOM in React applications as methods like dangerouslySetInnerHTML and innerHTML can introduce vulnerabilities if not used carefully Additionally it s worth noting that XSS attacks on Tauri applications can be more impactful due to their possibly increased system access making it essential for developers to thoroughly understand XSS prevention and impact reduction techniques If you have any further questions comments or remarks feel free to reach out to us at CrabNebula Consulting Author Tillmann Weidinger Director of Security 2023-07-13 08:50:34
海外TECH DEV Community HOW TO SETUP FIREBASE AUTHENTICATION ON A REACT PROJECT https://dev.to/nzubechukwu_okere/howto-setup-firebase-authentication-on-a-react-project-33ab HOW TO SETUP FIREBASE AUTHENTICATION ON A REACT PROJECT INTRODUCTIONSetting up a way of authentication for users is a really good way of improving the outlook of your web application You might have some protected routes that you only want authenticated and signed in users to have access to There are many ways to set up authentication including using a backend using Nextjs authentication or firebase authentication among so many others This article is going to cover authentication with firebase Firebase is a technology that provides a lot of backend services It is generally referred to as backend as a service BaaS It s owned by google and provides a wide range of services including real time database cloud storage hosting and authentication which is what we d cover in this article Before you continue this tutorial is for those who are already comfortable using React and not for absolute beginners Authentication With FirebaseAuthenticating users using firebase is very simple using the firebase SDK you can set up authentication with phone numbers email and password which is the most popular You can also set up authentication with other third party services like Google Twitter Apple Microsoft Facebook GitHub etc Authentication with firebase can be used for web applications iOS applications android applications etc and with a lot of programming languages and frameworks This article is going to cover authentication for web applications and more specifically authentication with email and password in React Auth and authentication will be used interchangeably throughout the course of this article they both mean the same thing Getting Started With Email Password AuthenticationBefore you integrate firebase authentication in your React project you d have to have a google account which you d then use to create a firebase account After doing all the necessary authentication you click here to get started with a new project When you get in click on the “get started button you see It will lead you to a page where you can add a project Click on the “add project button to add one Give the project a name It could be anything You could use “my auth project if you like And then continue You d be asked to enable google analytics for the project you can decline that and click on “create project Wait some seconds for it to create your new project Now that your new project has been created click on “continue You d get to an interface where you d see a lot of options you can choose whatever you want to implement For auth click on authentication and that will lead you to a new interface where you can choose how you want to authenticate users Click on email password After that make sure you enable email password and click on save You d see a new interface an empty one without any authenticated user Now navigate to VSCODE and create a new React project using “npx create react app auth “auth is the name of the react project here You can give it any name or just give a space and add “ After CRA After that make sure you re in the auth directory and install firebase into your application using “npm i firebase this will install firebase for you Now go back to firebase to the project you created initially and click on the web project icon “ lt gt you see there The third one from the left Just like you can see in the image below Now give it a nickname as they ve requested It could be any name After you ve done that click on “register app This will lead you to another interface where you d be required to install firebase using Npm We already did that Now skip that and move to the next which is copying the code firebase has provided Create a firebase js file on the src directory this is where you d paste the code to initialize firebase in your React application This is where all of your firebase configurations for your React project will happen Again the pasted code is used to initialize firebase in your application Take a look at the code snippet below Import the functions you need from the SDKs you needimport initializeApp from firebase app TODO Add SDKs for Firebase products that you want to use available libraries Your web app s Firebase configurationconst firebaseConfig apiKey AIzaSyARMzfqJbdwtsPVQCiRqEMP fjacuE authDomain my auth project de firebaseapp com projectId my auth project de storageBucket my auth project de appspot com messagingSenderId appId web decdc Initialize Firebaseconst app initializeApp firebaseConfig Remember to use your own they are all unique both project and app IDs and keys Now that you ve done that you have to tell firebase that you are using authentication on your project and how you d do that is by initializing firebase auth in your firebase js configuration Check the updated code below Import the functions you need from the SDKs you needimport initializeApp from firebase app import getAuth from firebase auth TODO Add SDKs for Firebase products that you want to use available libraries Your web app s Firebase configurationconst firebaseConfig apiKey AIzaSyARMzfqJbdwtsPVQCiRqEMP fjacuE authDomain my auth project de firebaseapp com projectId my auth project de storageBucket my auth project de appspot com messagingSenderId appId web decdc Initialize Firebaseconst app initializeApp firebaseConfig Initialize Firebase Authentication and get a reference to the serviceexport const auth getAuth app export default app By initializing firebase auth in the code above you ve now added a reference to the firebase authentication service Implementing authentication in your projectNow that you have done the necessary configurations you have to start implementing authentication in your project You can do this however you like but this is going to be a very simple one with no styling at all it will be mainly focused on the logic of implementing authentication in your project Now create a components folder and in that folder create another one You can call it “auth In this “auth folder create two files I d call these files “signUp and “signIn you can do the same In the signUp file create a functional arrow component using the VSCODE shortcut RAFCE create a form and implement the logic Take a look at the code snippet below on how to implement the signup functionality import React useState from react import createUserWithEmailAndPassword from firebase auth import auth from firebase const Signup gt const email setEmail useState const password setPassword useState const userSignUp e gt e preventDefault createUserWithEmailAndPassword auth email password then userCredential gt Signed in const user userCredential user console log user catch error gt const errorCode error code const errorMessage error message console log errorCode errorMessage return lt section gt lt div gt lt div gt lt h gt Create Account lt h gt lt form onSubmit “userSignUp gt lt div gt lt input type email value email onChange e gt setEmail e target value required placeholder Enter your email address… gt lt div gt lt div gt lt input type password value password onChange e gt setPassword e target value required placeholder Enter your password… gt lt div gt lt button type submit onClick userSignUp gt Sign up lt button gt lt form gt lt div gt lt div gt lt section gt export default SignupUsing the code snippet above you d be able to easily create a signup functionality in your application using firebase In the signIn file use RAFCE which is a VSCODE shortcut for creating a functional arrow component And create a form and implement the logic for signing in users you can use the code snippet below import React useState from react import signInWithEmailAndPassword from firebase auth import auth from firebase const Login gt const email setEmail useState const password setPassword useState const userLogin e gt e preventDefault signInWithEmailAndPassword auth email password then userCredential gt Signed in const user userCredential user console log user catch error gt const errorCode error code const errorMessage error message console log errorCode errorMessage return lt gt lt section gt lt div gt lt p gt Login into your account lt p gt lt form gt lt div gt lt input Value “email type email required placeholder Enter your email address… onChange e gt setEmail e target value gt lt div gt lt div gt lt input value “password type email required placeholder Enter your password… onChange e gt setPassword e target value gt lt div gt lt div gt lt button onClick userLogin gt Login lt button gt lt div gt lt form gt lt div gt lt section gt lt gt export default LoginThe code above handles authentication for users that have already signed up and just have to sign in For the signup functionality once a user signs up it reflects on your firebase console You get to see the details of the user that just signed up You d see the time stamp the provider and also the unique user id The next functionality is an authentication state observer which is going to check which user is signed in and how a user that s signed in can sign out This can be created in another file which you can name authDetails js or anything you like Check the code snippet below import React useState useEffect from react import onAuthStateChanged signOut from firebase auth import auth from firebase const AuthDetails gt Const authUser setAuthUser useState null useEffect gt onAuthStateChanged auth user gt if user setAuthUser user User is signed in see docs for a list of available properties const uid user uid console log uid uid else setAuthUser null User is signed out console log user is logged out return gt listen this logic is for logging out a signed in userconst handleLogout gt signOut auth then gt Sign out successful console log Signed out successfully catch error gt An error happened return lt div gt this shows if a user is signed in and the user email authUser lt p gt user is signed in as authUser email lt p gt this button is for logging out a signed in user lt button onClick handleLogout gt Sign Out lt button gt lt p gt User signed Out lt p gt if the second condition is met that means user is signed out the text “User signed Out will show lt div gt export default AuthDetailsIn conclusion firebase authentication is easy to implement and helps you register sign in and sign out new users seamlessly I hope this was helpful If you found this helpful kindly follow me on Twitter or on LinkedIn and let s connect 2023-07-13 08:36:41
海外科学 NYT > Science E.R. Visits for Teenage Girls Surged During the Pandemic https://www.nytimes.com/2023/07/12/health/teen-girls-depression-suicide.html E R Visits for Teenage Girls Surged During the PandemicThe proportion of teen girls visiting emergency rooms in mental health crisis rose percent in the pandemic s second year while the proportion of teen boys visiting declined 2023-07-13 08:46:50
医療系 医療介護 CBnews 東京のコロナ患者報告数が3週連続で増加-小児科では他の熱性疾患の受診者も https://www.cbnews.jp/news/entry/20230713174548 医療機関 2023-07-13 17:55:00
医療系 医療介護 CBnews 介護施設の3割、安全対策体制加算を算定せず-労務負担の増加や外部研修受講の余裕なく https://www.cbnews.jp/news/entry/20230713172407 介護保険施設 2023-07-13 17:40:00
金融 ニッセイ基礎研究所 なぜ日本の賃金は大きく上がらなかっただろうか-名目賃金の増加にもかかわらず、物価上昇により実質賃金は低下 https://www.nli-research.co.jp/topics_detail1/id=75450?site=nli 物価水準を反映した年から年までの年間の実質賃金上昇率と、年から年までの年間の実質賃金上昇率は、韓国が、カナダが、米国がでを越えていることに比べ、日本はにとどまっていた。 2023-07-13 17:26:29
金融 ニッセイ基礎研究所 性別を理由とする不利益~女性は家庭のことで仕事に時間を配分できていないことが不利益 https://www.nli-research.co.jp/topics_detail1/id=75449?site=nli 前稿「性別を理由とする不利益男性は低年齢ほど不利益を感じている」では、男性は若年ほど不利益を被っていると感じることがある割合が高いことに着目し、歳以下の男性について、不利益を被っていると感じている人の働き方や家庭との両立に対する考え方や職場の現状にどういった特徴があるかを分析した。 2023-07-13 17:11:21
海外ニュース Japan Times latest articles Springboks have to defy history to beat All Blacks in Auckland https://www.japantimes.co.jp/sports/2023/07/13/rugby/springboks-all-blacks-rugby-championship/ zealand 2023-07-13 17:33:43
ニュース BBC News - Home Junior doctors in England start five-day strike https://www.bbc.co.uk/news/health-66162538?at_medium=RSS&at_campaign=KARANGA walkout 2023-07-13 08:25:29
ニュース BBC News - Home Cerberus heatwave: Hot weather sweeps across southern Europe https://www.bbc.co.uk/news/world-europe-66183069?at_medium=RSS&at_campaign=KARANGA forecasters 2023-07-13 08:53:14
ニュース BBC News - Home UK economy 'listless' as barely grows in four years https://www.bbc.co.uk/news/business-66179998?at_medium=RSS&at_campaign=KARANGA economy 2023-07-13 08:08:01
ニュース BBC News - Home Public sector pay: Government weigh up 6.5% increase https://www.bbc.co.uk/news/uk-politics-66165006?at_medium=RSS&at_campaign=KARANGA minister 2023-07-13 08:42:27
IT 週刊アスキー 【PS Plus情報】『メルブラ:TL』や『UNDERTALE』が7月18日よりゲームカタログ入り! https://weekly.ascii.jp/elem/000/004/145/4145215/ playstationplus 2023-07-13 17:10:00
IT 週刊アスキー 広い会議室でも使える、3台まで増設できるワイヤレススピーカーフォン サンワサプライ https://weekly.ascii.jp/elem/000/004/145/4145190/ 距離 2023-07-13 17:15:00
IT 週刊アスキー Yahoo!検索、飲食店名の検索結果で「クーポン」情報を一覧表示する新機能 https://weekly.ascii.jp/elem/000/004/145/4145209/ yahoo 2023-07-13 17:45:00
IT 週刊アスキー 「Microsoft AI Co-Innovation Lab」を日本に開設へ。AI/IoTなどのビジネス適用を支援 https://weekly.ascii.jp/elem/000/004/145/4145204/ aicoinnovationlab 2023-07-13 17:30:00
IT 週刊アスキー TP-Link、ミドルハイエンドクラスの縦置き型Wi-Fi 6ルーター「Archer AX5400」 https://weekly.ascii.jp/elem/000/004/145/4145211/ archerax 2023-07-13 17:15:00

コメント

このブログの人気の投稿

投稿時間:2021-06-17 22:08:45 RSSフィード2021-06-17 22:00 分まとめ(2089件)

投稿時間:2021-06-20 02:06:12 RSSフィード2021-06-20 02:00 分まとめ(3871件)

投稿時間:2021-06-17 05:05:34 RSSフィード2021-06-17 05:00 分まとめ(1274件)