{"id":27233,"date":"2017-10-31T14:05:41","date_gmt":"2017-10-31T14:05:41","guid":{"rendered":"https:\/\/dev.railscarma.com\/preventing-security-issues-rails\/"},"modified":"2022-09-06T09:26:04","modified_gmt":"2022-09-06T09:26:04","slug":"preventing-security-issues-rails","status":"publish","type":"post","link":"https:\/\/www.railscarma.com\/ja\/%e3%83%96%e3%83%ad%e3%82%b0\/%e6%8a%80%e8%a1%93%e8%ab%96%e6%96%87\/preventing-security-issues-rails\/","title":{"rendered":"Preventing Security Issues in Rails"},"content":{"rendered":"<div data-elementor-type=\"wp-post\" data-elementor-id=\"27233\" class=\"elementor elementor-27233\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-28fbd620 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"28fbd620\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-6df0c172\" data-id=\"6df0c172\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-27ce2ffe elementor-widget elementor-widget-text-editor\" data-id=\"27ce2ffe\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Security is a major concern for developers who want their web applications to succeed and to be developed sustainably. Every developer wants to write code that keeps the application as safe as possible from every attack, but no code is 100% bug-free or secure. Developers therefore recognise that they must do their best to build applications with the smallest possible exposure to attack. Vulnerabilities are easy to detect, yet a security breach or a hack can cause real losses. This is why it is always a good idea to check for security problems from the very start of the application development process and to carry out regular quality checks to keep things on track.<\/p><h3><strong>1] Sessions<\/strong><\/h3><p>A good place to start a security review is with sessions, which can be vulnerable to specific attacks.<\/p><pre><code>session[:user_id] = @current_user.id\nUser.find(session[:user_id])<\/code><\/pre><ul><li>By default, Ruby on Rails uses a cookie-based session store. This means that, unless something changes, a session never expires on the server. In other words, never keep sensitive data such as passwords or IDs in the session.<\/li><li>The best practice is therefore to use database-backed sessions, which is very easy in Rails:<\/li><\/ul><pre><code>Project::Application.config.session_store :active_record_store<\/code><\/pre><p>A session ID is a random 32-character hexadecimal string. It is generated with SecureRandom.hex, which produces a random hex string from a cryptographically secure random number generator backed by platform-specific sources such as OpenSSL, \/dev\/urandom or Win32. At present it is not feasible to brute-force (that is, guess by trial and error) a Rails session ID.<\/p><p>Some common session-based attacks:<\/p><ul><li>Session hijacking: the attacker steals a user's session ID and uses the web application in the victim's name.<\/li><li>Session fixation: instead of stealing a user's session ID, the attacker fixes a session ID they already know. This is called session fixation.<\/li><li>Session expiry: attackers use sessions that never expire to extend the time window for attacks such as cross-site request forgery (CSRF), session hijacking and session fixation.<\/li><\/ul><h3><strong>2] Command injection<\/strong><\/h3><p>An application is vulnerable to command injection when an attacker can influence a command-line parameter or an entire Unix command. Running UNIX commands from Rails is uncommon, so such attacks are less likely. Background processes that run Unix commands directly against customer data, on the other hand, can be vulnerable.<\/p><p>Some common Rails command-line methods:<\/p><ul><li>%x[...]<\/li><li>system()<\/li><li>exec()<\/li><li>`...`<\/li><\/ul><p>Note that there are several ways to chain commands, and they also depend on the host operating system, e.g. &quot;&amp;&quot;, &quot;&amp;&amp;&quot;, &quot;|&quot;, &quot;||&quot; and so on.<\/p><p>Protect environment variables while running commands: a process spawned by a Rails application inherits the environment variables of the parent process, which may contain API keys and the like.<\/p><h3><strong>3] SQL injection<\/strong><\/h3><p>SQL injection occurs when a user can manipulate a value that is used unsafely inside a SQL query. It can lead to undesirable outcomes such as data loss, data leakage and privilege escalation.<\/p><p>SQL injection is a very simple and common attack, and depending on the site and the circumstances its impact can be very serious.<\/p><p>As a developer, you need to be aware of every place where SQL injection could occur and handle each of them accordingly.<\/p><p>A SQL injection looks like this:<\/p><pre><code>Employee.all(:conditions =&gt; &quot;designation = #{params[:designation]}&quot;)<\/code><\/pre><p>The code above is vulnerable to SQL injection; the following code prevents it:<\/p><pre><code>Employee.all(:conditions =&gt; [&#039;designation = ?&#039;, params[:designation]])<\/code><\/pre><p>or<\/p><pre><code>Employee.all(:conditions =&gt; {:designation =&gt; params[:designation]})<\/code><\/pre><h5><strong>Preventing SQL injection in Rails<\/strong><\/h5><p>Testing every statement for SQL injection can be tedious, so take measures such as running a static code scanner like Brakeman, and write some unit test cases.<\/p><p><strong>a) General rule:<\/strong> never use params inside string interpolation (#{}) like this, for example:<\/p><pre><code>User.where(&quot;name = &#039;#{params[:name]}&#039;&quot;)<\/code><\/pre><p><strong>b) Note that params can also be an array. Example:<\/strong><\/p><p>If ?user[]=1 is appended to the URL, params[:user] is an array, and User.exists?(params[:user]) then runs the query SELECT 1 AS one FROM &quot;users&quot; WHERE (1) LIMIT 1.<\/p><h3><strong>4] Cross-site scripting (XSS)<\/strong><\/h3><p>XSS lets an attacker run scripts in the security context of the web application.<\/p><p>Consider the Rails view snippet &lt;%= @flat.title %&gt;. If the flat's title has been edited to include HTML, this view renders that HTML in the application's security context, so the browser executes it (XSS).<\/p><p>In fact this no longer works in recent Rails. In Rails 2 you had to escape all user input yourself: &lt;%= h(@flat.title) %&gt;<br \/>More recently, every string in Rails carries a flag that marks whether it is HTML safe (@flat.title.html_safe?). If it is not safe (for example, it came from parameters or the database), it is escaped automatically when used like this: &lt;%= @flat.title %&gt;<br \/>Since Rails 3.0, XSS protection is the default behaviour.<\/p><h3><strong>Countermeasures<\/strong><\/h3><p><strong>a) Content Security Policy (CSP) strategy<\/strong><\/p><p>A Content Security Policy is essentially an HTTP header that declares rules about which sources are allowed for each kind of asset; anything outside those rules is forbidden. Implemented properly, it can wipe out the cross-site scripting (XSS) vulnerabilities in your app.<\/p><p><strong>b) HTML safe, ActiveSupport::SafeBuffer<\/strong><\/p><p>The ActiveSupport::SafeBuffer module was introduced in Rails 3 to attach an HTML-safe flag to strings. By default the flag is false, in particular when the string comes from an external source such as the database or parameters. The flag is returned by &quot;string&quot;.html_safe?.<\/p><p>The HTML escaping method h() escapes a string and marks the result as HTML safe.<\/p><pre><code>h(&quot;html&gt;&quot;).html_safe? #=&gt; true\n&quot;html&gt;&quot;.html_safe?    #=&gt; false<\/code><\/pre><p><strong>c) OWASP (Open Web Application Security Project) XSS prevention<\/strong><\/p><p>To prevent XSS, reject all untrusted data and restrict it from being placed directly into HTML or any other context (JavaScript, CSS, attribute contexts and so on).<\/p><p><strong>d) XSS protection in HAML templates<\/strong><\/p><p>When you use Haml templates instead of ERB, strings are escaped automatically in the same way as in ERB templates. As in ERB, HTML-safe strings (string.html_safe? returns true) are not escaped. Haml's != notation behaves like &lt;%= raw(...) %&gt; in ERB, so the unescaped version is rendered.<br \/>By default,<\/p><pre><code>= &quot;&lt;em&gt;emphasized&lt;\/em&gt;&quot;\n!= &quot;&lt;em&gt;emphasized&lt;\/em&gt;&quot;<\/code><\/pre><p>compiles to:<\/p><pre><code>&amp;lt;em&amp;gt;emphasized&amp;lt;\/em&amp;gt;\n&lt;em&gt;emphasized&lt;\/em&gt;<\/code><\/pre><p>So take care when using != in Haml and make sure user data is never rendered unescaped.<\/p><p>Below are some preventive measures you can apply while developing a Rails application.<\/p><h5><strong>1] Authentication<\/strong><\/h5><p>Use the Devise or Authlogic gem. To enable authentication, don't forget to add the following:<\/p><pre><code>class ProjectController &lt; ApplicationController\n  before_filter :authenticate_user\nend<\/code><\/pre><p>By default, Devise requires only 6 characters for a password. The minimum can be changed in \/config\/initializers\/devise.rb:<\/p><pre><code>config.password_length = 8..128<\/code><\/pre><p>You can change the password complexity rules by adding the following code to the User model:<\/p><pre><code>validate :password_complexity\n\ndef password_complexity\n  if password.present? and not password.match(\/\\A(?=.*[a-z])(?=.*[A-Z])(?=.*\\d).+\\z\/)\n    errors.add :password, &quot;must include at least one lowercase letter, one uppercase letter, and one digit&quot;\n  end\nend<\/code><\/pre><h5><strong>2] Insecure direct object references or forced browsing<\/strong><\/h5><p>Ruby on Rails apps use a RESTful URL structure, so most of the paths in use are guessable and intuitive. You therefore have to control actions explicitly to stop a user from accessing or modifying data that belongs to another user. A vanilla Rails application has no such protection built in out of the box, though it can be done by hand at the controller level.<\/p><p>Use cancancan or pundit for access control.<\/p><h5><strong>3] Mass assignment and strong parameters<\/strong><\/h5><pre><code>class Project &lt; ActiveRecord::Base\n  attr_accessible :name, :admin\nend<\/code><\/pre><p>With the admin attribute accessible as in the example above, the following request works:<\/p><pre><code>curl -d &quot;project[name]=triage&amp;project[admin]=1&quot; host:port\/projects<\/code><\/pre><p>Set the following in the application configuration:<\/p><pre><code>config.active_record.whitelist_attributes = true<\/code><\/pre><h5><strong>4] Redirects and forwards<\/strong><\/h5><p>Avoid redirects that take their target from a parameter, for example: \/\/www.example.com\/redirect?url=\/\/www.example_commerce_site.com\/checkout<\/p><p>For a limited protection, use :only_path:<\/p><pre><code>begin\n  if path = URI.parse(params[:url]).path\n    redirect_to path\n  end\nrescue URI::InvalidURIError\n  redirect_to &#039;\/&#039;\nend<\/code><\/pre><p>Keep a hash of approved sites and allow redirects only to those.<\/p><h5><strong>5] Dynamic render paths<\/strong><\/h5><p>Be careful when rendering a view dynamically based on some condition: an admin view could end up being loaded.<\/p><h5><strong>6] Cross-origin resource sharing<\/strong><\/h5><ul><li>For example, file uploads.<\/li><li>The receiving site must restrict access to whitelisted domains only, and make sure requests are sent only from those domains.<\/li><li>Set the Access-Control-Allow-Origin header on both the response to the OPTIONS request and the response to the POST request. The OPTIONS request is sent first so that the remote (receiving) site can decide whether to allow the requesting domain; then the POST request is sent. Again, the header must be set on it for the transaction to be reported as successful.<\/li><\/ul><h5><strong>7] Business logic bugs<\/strong><\/h5><p>Whatever technology it is built on, an application can contain business logic errors that lead to security bugs. Such bugs can be very hard to detect with automated tools. Practices such as regular code review, pair programming and writing unit tests help to avoid them as far as possible.<\/p><h5><strong>8] Sensitive files<\/strong><\/h5><p>Below are some files that need attention while developing a web application.<\/p><ul><li>\/config\/database.yml - may contain production credentials.<\/li><li>\/config\/initializers\/secret_token.rb - contains the secret used to hash session cookies.<\/li><li>\/db\/seeds.rb - may contain seed data, including a bootstrap admin user.<\/li><li>\/db\/development.sqlite3 - may contain real data.<\/li><\/ul><h5><strong>9] Encryption<\/strong><\/h5><p>Ruby on Rails uses the operating system's encryption; you should almost never need to write your own encryption solution.<\/p><p>Have a process for updating Rails and its dependencies.<\/p><h4><strong>Tools for detecting security issues in Rails applications<\/strong><\/h4><ul><li>Brakeman<\/li><li>bundler-audit<\/li><li>Codesake::Dawn<\/li><li>Rack::Attack<\/li><li>Tarantula<\/li><li>Hakiri Toolbelt<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n
alt=\"\u30ab\u30df\u30ca\u30ea\u30b8\u30a7\u30e0\" srcset=\"https:\/\/www.railscarma.com\/wp-content\/uploads\/2023\/04\/kaminari-gem.jpg 800w, https:\/\/www.railscarma.com\/wp-content\/uploads\/2023\/04\/kaminari-gem-300x113.jpg 300w, https:\/\/www.railscarma.com\/wp-content\/uploads\/2023\/04\/kaminari-gem-768x288.jpg 768w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/>\r\n\r\n    <\/a>\r\n  <\/div>\r\n\r\n  <a class=\"title post_title\"  title=\"\u30ab\u30df\u30ca\u30ea\u30b8\u30a7\u30e0\" href=\"https:\/\/www.railscarma.com\/ja\/%e3%83%96%e3%83%ad%e3%82%b0\/%e6%8a%80%e8%a1%93%e8%ab%96%e6%96%87\/%e3%82%ab%e3%83%9f%e3%83%8a%e3%83%aa%e3%82%b8%e3%82%a7%e3%83%a0\/?related_post_from=37277\">\r\n        \u30ab\u30df\u30ca\u30ea\u30b8\u30a7\u30e0  <\/a>\r\n\r\n        <\/div>\r\n              <div class=\"item\">\r\n            <div class=\"thumb post_thumb\">\r\n    <a  title=\"\u306a\u305c2026\u5e74\u306bRuby on Rails\u958b\u767a\u8005\u3092\u96c7\u3046\u306e\u304b\uff1f\" href=\"https:\/\/www.railscarma.com\/ja\/%e3%83%96%e3%83%ad%e3%82%b0\/%e3%83%ad%e3%83%bc\/why-to-hire-ruby-on-rails-developers\/?related_post_from=30627\">\r\n\r\n      <img decoding=\"async\" width=\"800\" height=\"300\" src=\"https:\/\/www.railscarma.com\/wp-content\/uploads\/2019\/01\/why-to-hire-ruby-on-rails-developers-in-2022.jpg\" class=\"attachment-full size-full wp-post-image\" alt=\"2022 \u5e74\u306b Ruby on Rails \u958b\u767a\u8005\u3092\u96c7\u7528\u3059\u308b\u7406\u7531\" srcset=\"https:\/\/www.railscarma.com\/wp-content\/uploads\/2019\/01\/why-to-hire-ruby-on-rails-developers-in-2022.jpg 800w, https:\/\/www.railscarma.com\/wp-content\/uploads\/2019\/01\/why-to-hire-ruby-on-rails-developers-in-2022-300x113.jpg 300w, https:\/\/www.railscarma.com\/wp-content\/uploads\/2019\/01\/why-to-hire-ruby-on-rails-developers-in-2022-768x288.jpg 768w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/>\r\n\r\n    <\/a>\r\n  <\/div>\r\n\r\n  <a class=\"title post_title\"  
title=\"\u306a\u305c2026\u5e74\u306bRuby on Rails\u958b\u767a\u8005\u3092\u96c7\u3046\u306e\u304b\uff1f\" href=\"https:\/\/www.railscarma.com\/ja\/%e3%83%96%e3%83%ad%e3%82%b0\/%e3%83%ad%e3%83%bc\/why-to-hire-ruby-on-rails-developers\/?related_post_from=30627\">\r\n        \u306a\u305c2026\u5e74\u306bRuby on Rails\u958b\u767a\u8005\u3092\u96c7\u3046\u306e\u304b\uff1f  <\/a>\r\n\r\n        <\/div>\r\n              <div class=\"item\">\r\n            <div class=\"thumb post_thumb\">\r\n    <a  title=\"CSV\u51e6\u7406\u306b\u3088\u308bRails\u3067\u306e\u30c7\u30fc\u30bf\u30b9\u30af\u30ec\u30a4\u30d4\u30f3\u30b0\" href=\"https:\/\/www.railscarma.com\/ja\/%e3%83%96%e3%83%ad%e3%82%b0\/%e6%8a%80%e8%a1%93%e8%ab%96%e6%96%87\/data-scraping-in-rails-by-processing-csv\/?related_post_from=31591\">\r\n\r\n      <img decoding=\"async\" width=\"800\" height=\"300\" src=\"https:\/\/www.railscarma.com\/wp-content\/uploads\/2020\/09\/DATA-SCRAPING-IN-RAILS-BY-PROCESSING-CSV.png\" class=\"attachment-full size-full wp-post-image\" alt=\"\" srcset=\"https:\/\/www.railscarma.com\/wp-content\/uploads\/2020\/09\/DATA-SCRAPING-IN-RAILS-BY-PROCESSING-CSV.png 800w, https:\/\/www.railscarma.com\/wp-content\/uploads\/2020\/09\/DATA-SCRAPING-IN-RAILS-BY-PROCESSING-CSV-300x113.png 300w, https:\/\/www.railscarma.com\/wp-content\/uploads\/2020\/09\/DATA-SCRAPING-IN-RAILS-BY-PROCESSING-CSV-768x288.png 768w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/>\r\n\r\n    <\/a>\r\n  <\/div>\r\n\r\n  <a class=\"title post_title\"  title=\"CSV\u51e6\u7406\u306b\u3088\u308bRails\u3067\u306e\u30c7\u30fc\u30bf\u30b9\u30af\u30ec\u30a4\u30d4\u30f3\u30b0\" href=\"https:\/\/www.railscarma.com\/ja\/%e3%83%96%e3%83%ad%e3%82%b0\/%e6%8a%80%e8%a1%93%e8%ab%96%e6%96%87\/data-scraping-in-rails-by-processing-csv\/?related_post_from=31591\">\r\n        CSV\u51e6\u7406\u306b\u3088\u308bRails\u3067\u306e\u30c7\u30fc\u30bf\u30b9\u30af\u30ec\u30a4\u30d4\u30f3\u30b0  <\/a>\r\n\r\n        <\/div>\r\n              <div 
class=\"item\">\r\n            <div class=\"thumb post_thumb\">\r\n    <a  title=\"Ruby on Rails Web \u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u3092\u4ecb\u3057\u3066\u97f3\u58f0\u901a\u8a71\u3092\u884c\u3046\" href=\"https:\/\/www.railscarma.com\/ja\/%e3%83%96%e3%83%ad%e3%82%b0\/%e6%8a%80%e8%a1%93%e8%ab%96%e6%96%87\/ruby-on-rails%e3%82%a6%e3%82%a7%e3%83%96%e3%82%a2%e3%83%97%e3%83%aa%e3%82%b1%e3%83%bc%e3%82%b7%e3%83%a7%e3%83%b3%e3%81%a7%e9%9f%b3%e5%a3%b0%e9%80%9a%e8%a9%b1%e3%82%92%e3%81%99%e3%82%8b\/?related_post_from=31309\">\r\n\r\n      <img decoding=\"async\" width=\"800\" height=\"300\" src=\"https:\/\/www.railscarma.com\/wp-content\/uploads\/2020\/07\/MAKE-VOICE-CALLS-THROUGH-RUBY-ON-RAILS-WEB-APPLICATIONS.png\" class=\"attachment-full size-full wp-post-image\" alt=\"\" srcset=\"https:\/\/www.railscarma.com\/wp-content\/uploads\/2020\/07\/MAKE-VOICE-CALLS-THROUGH-RUBY-ON-RAILS-WEB-APPLICATIONS.png 800w, https:\/\/www.railscarma.com\/wp-content\/uploads\/2020\/07\/MAKE-VOICE-CALLS-THROUGH-RUBY-ON-RAILS-WEB-APPLICATIONS-300x113.png 300w, https:\/\/www.railscarma.com\/wp-content\/uploads\/2020\/07\/MAKE-VOICE-CALLS-THROUGH-RUBY-ON-RAILS-WEB-APPLICATIONS-768x288.png 768w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/>\r\n\r\n    <\/a>\r\n  <\/div>\r\n\r\n  <a class=\"title post_title\"  title=\"Ruby on Rails Web \u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u3092\u4ecb\u3057\u3066\u97f3\u58f0\u901a\u8a71\u3092\u884c\u3046\" href=\"https:\/\/www.railscarma.com\/ja\/%e3%83%96%e3%83%ad%e3%82%b0\/%e6%8a%80%e8%a1%93%e8%ab%96%e6%96%87\/ruby-on-rails%e3%82%a6%e3%82%a7%e3%83%96%e3%82%a2%e3%83%97%e3%83%aa%e3%82%b1%e3%83%bc%e3%82%b7%e3%83%a7%e3%83%b3%e3%81%a7%e9%9f%b3%e5%a3%b0%e9%80%9a%e8%a9%b1%e3%82%92%e3%81%99%e3%82%8b\/?related_post_from=31309\">\r\n        Ruby on Rails Web \u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u3092\u4ecb\u3057\u3066\u97f3\u58f0\u901a\u8a71\u3092\u884c\u3046  <\/a>\r\n\r\n        <\/div>\r\n      \r\n  <\/div>\r\n\r\n  
<script>\r\n      <\/script>\r\n  <style>\r\n    .related-post {}\r\n\r\n    .related-post .post-list {\r\n      text-align: left;\r\n          }\r\n\r\n    .related-post .post-list .item {\r\n      margin: 10px;\r\n      padding: 10px;\r\n          }\r\n\r\n    .related-post .headline {\r\n      font-size: 14px !important;\r\n      color: #999999 !important;\r\n          }\r\n\r\n    .related-post .post-list .item .post_thumb {\r\n      max-height: 220px;\r\n      margin: 10px 0px;\r\n      padding: 0px;\r\n      display: block;\r\n          }\r\n\r\n    .related-post .post-list .item .post_title {\r\n      font-size: 14px;\r\n      color: #000000;\r\n      margin: 10px 0px;\r\n      padding: 0px;\r\n      display: block;\r\n      text-decoration: none;\r\n          }\r\n\r\n    .related-post .post-list .item .post_excerpt {\r\n      font-size: 12px;\r\n      color: #3f3f3f;\r\n      margin: 10px 0px;\r\n      padding: 0px;\r\n      display: block;\r\n      text-decoration: none;\r\n          }\r\n\r\n    .related-post .owl-dots .owl-dot {\r\n          }\r\n\r\n      <\/style>\r\n      <script>\r\n      jQuery(document).ready(function($) {\r\n        $(\".related-post .post-list\").owlCarousel({\r\n          items: 2,\r\n          responsiveClass: true,\r\n          responsive: {\r\n            0: {\r\n              items: 1,\r\n            },\r\n            768: {\r\n              items: 2,\r\n            },\r\n            1200: {\r\n              items: 2,\r\n            }\r\n          },\r\n                      rewind: true,\r\n                                loop: true,\r\n                                center: false,\r\n                                autoplay: true,\r\n            autoplayHoverPause: true,\r\n                                nav: true,\r\n            navSpeed: 1000,\r\n            navText: ['<i class=\"fas fa-chevron-left\"><\/i>', '<i class=\"fas fa-chevron-right\"><\/i>'],\r\n                                dots: false,\r\n            
dotsSpeed: 1200,\r\n                                                    rtl: false,\r\n          \r\n        });\r\n      });\r\n    <\/script>\r\n  <\/div>","protected":false},"excerpt":{"rendered":"<p>\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u306f\u3001Web \u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306e\u6210\u529f\u3068\u6301\u7d9a\u53ef\u80fd\u306a\u958b\u767a\u3092\u76ee\u6307\u3059\u958b\u767a\u8005\u306b\u3068\u3063\u3066\u5927\u304d\u306a\u61f8\u5ff5\u4e8b\u9805\u3067\u3059\u3002\u3059\u3079\u3066\u306e\u958b\u767a\u8005\u306f\u3001\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u304c\u3042\u3089\u3086\u308b\u653b\u6483\u304b\u3089\u53ef\u80fd\u306a\u9650\u308a\u5b89\u5168\u306b\u306a\u308b\u3088\u3046\u306a\u30b3\u30fc\u30c9\u3092\u4f5c\u6210\u3057\u305f\u3044\u3068\u8003\u3048\u3066\u3044\u307e\u3059\u304c\u3001100% \u306b\u30d0\u30b0\u304c\u306a\u3044\u3001\u307e\u305f\u306f\u5b89\u5168\u306a\u30b3\u30fc\u30c9\u306f\u5b58\u5728\u3057\u307e\u305b\u3093\u3002\u3057\u305f\u304c\u3063\u3066\u3001\u958b\u767a\u8005\u306f\u3001\u653b\u6483\u306b\u5bfe\u3059\u308b\u8106\u5f31\u6027\u3092\u6700\u5c0f\u9650\u306b\u6291\u3048\u305f\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u3092\u4f5c\u6210\u3059\u308b\u305f\u3081\u306b\u6700\u5584\u3092\u5c3d\u304f\u3059\u5fc5\u8981\u304c\u3042\u308b\u3053\u3068\u3092\u8a8d\u8b58\u3057\u3066\u3044\u307e\u3059\u3002\u8106\u5f31\u6027\u306e\u691c\u51fa\u306f\u7c21\u5358\u3067\u3059\u304c\u3001\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u4fb5\u5bb3\u3084\u30cf\u30c3\u30ad\u30f3\u30b0\u306b\u3088\u308a\u640d\u5931\u304c\u751f\u3058\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002\u3053\u308c\u304c\u3001\u5b9a\u671f\u7684\u306a\u54c1\u8cea\u30c1\u30a7\u30c3\u30af\u3092\u5b9f\u65bd\u3059\u308b\u3068\u3068\u3082\u306b\u3001\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u958b\u767a\u30d7\u30ed\u30bb\u30b9\u306e\u958b\u59cb\u76f4\u5f8c\u304b\u3089\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u554f\u984c\u3092\u30c1\u30a7\u30c3\u30af
\u3059\u308b\u3053\u3068\u304c\u5e38\u306b\u3088\u308a\u826f\u3044\u7406\u7531\u3067\u3059\u3002<\/p>\n<p class=\"read-more\"> <a class=\"\" href=\"https:\/\/www.railscarma.com\/ja\/%e3%83%96%e3%83%ad%e3%82%b0\/ruby-on-rails%e3%81%a7%e3%81%ae%e3%82%b5%e3%83%bc%e3%83%89%e3%83%91%e3%83%bc%e3%83%86%e3%82%a3api%e7%b5%b1%e5%90%88%e3%82%bd%e3%83%aa%e3%83%a5%e3%83%bc%e3%82%b7%e3%83%a7%e3%83%b3\/\"> <span class=\"screen-reader-text\">Ruby on Rails\u306b\u304a\u3051\u308b\u30b5\u30fc\u30c9\u30d1\u30fc\u30c6\u30a3API\u7d71\u5408\u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3<\/span> \u3082\u3063\u3068\u8aad\u3080 \"<\/a><\/p>","protected":false},"author":1,"featured_media":31715,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[384],"tags":[382],"class_list":["post-27233","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technical-articles","tag-ruby-on-rails"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Preventing security issues in Rails - RailsCarma - Ruby on Rails Development Company specializing in Offshore Development<\/title>\n<meta name=\"description\" content=\"Security is a major concern for any developer aspiring for successful and\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.railscarma.com\/ja\/\u30d6\u30ed\u30b0\/\u6280\u8853\u8ad6\u6587\/preventing-security-issues-rails\/\" \/>\n<meta property=\"og:locale\" content=\"ja_JP\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Preventing security issues in Rails - RailsCarma - Ruby on Rails Development Company specializing in Offshore Development\" \/>\n<meta property=\"og:description\" content=\"Security is a major concern for any 
developer aspiring for successful and\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.railscarma.com\/ja\/\u30d6\u30ed\u30b0\/\u6280\u8853\u8ad6\u6587\/preventing-security-issues-rails\/\" \/>\n<meta property=\"og:site_name\" content=\"RailsCarma - Ruby on Rails Development Company specializing in Offshore Development\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/RailsCarma\/\" \/>\n<meta property=\"article:published_time\" content=\"2017-10-31T14:05:41+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-09-06T09:26:04+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.railscarma.com\/wp-content\/uploads\/2017\/10\/Preventing-security-issues-in-Rails.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"300\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@railscarma\" \/>\n<meta name=\"twitter:site\" content=\"@railscarma\" \/>\n<meta name=\"twitter:label1\" content=\"\u57f7\u7b46\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u63a8\u5b9a\u8aad\u307f\u53d6\u308a\u6642\u9593\" \/>\n\t<meta name=\"twitter:data2\" content=\"9\u5206\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.railscarma.com\/blog\/technical-articles\/preventing-security-issues-rails\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.railscarma.com\/blog\/technical-articles\/preventing-security-issues-rails\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\/\/www.railscarma.com\/#\/schema\/person\/5f2228a2dec7549056e709de6eb85d21\"},\"headline\":\"Preventing security issues in 
Rails\",\"datePublished\":\"2017-10-31T14:05:41+00:00\",\"dateModified\":\"2022-09-06T09:26:04+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.railscarma.com\/blog\/technical-articles\/preventing-security-issues-rails\/\"},\"wordCount\":1668,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.railscarma.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.railscarma.com\/blog\/technical-articles\/preventing-security-issues-rails\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.railscarma.com\/wp-content\/uploads\/2017\/10\/Preventing-security-issues-in-Rails.jpg\",\"keywords\":[\"Ruby on rails\"],\"articleSection\":[\"Technical Articles\"],\"inLanguage\":\"ja\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.railscarma.com\/blog\/technical-articles\/preventing-security-issues-rails\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.railscarma.com\/blog\/technical-articles\/preventing-security-issues-rails\/\",\"url\":\"https:\/\/www.railscarma.com\/blog\/technical-articles\/preventing-security-issues-rails\/\",\"name\":\"Preventing security issues in Rails - RailsCarma - Ruby on Rails Development Company specializing in Offshore Development\",\"isPartOf\":{\"@id\":\"https:\/\/www.railscarma.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.railscarma.com\/blog\/technical-articles\/preventing-security-issues-rails\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.railscarma.com\/blog\/technical-articles\/preventing-security-issues-rails\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.railscarma.com\/wp-content\/uploads\/2017\/10\/Preventing-security-issues-in-Rails.jpg\",\"datePublished\":\"2017-10-31T14:05:41+00:00\",\"dateModified\":\"2022-09-06T09:26:04+00:00\",\"description\":\"Security is a major concern for any developer aspiring for successful 
and\",\"breadcrumb\":{\"@id\":\"https:\/\/www.railscarma.com\/blog\/technical-articles\/preventing-security-issues-rails\/#breadcrumb\"},\"inLanguage\":\"ja\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.railscarma.com\/blog\/technical-articles\/preventing-security-issues-rails\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"ja\",\"@id\":\"https:\/\/www.railscarma.com\/blog\/technical-articles\/preventing-security-issues-rails\/#primaryimage\",\"url\":\"https:\/\/www.railscarma.com\/wp-content\/uploads\/2017\/10\/Preventing-security-issues-in-Rails.jpg\",\"contentUrl\":\"https:\/\/www.railscarma.com\/wp-content\/uploads\/2017\/10\/Preventing-security-issues-in-Rails.jpg\",\"width\":800,\"height\":300},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.railscarma.com\/blog\/technical-articles\/preventing-security-issues-rails\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.railscarma.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Preventing security issues in Rails\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.railscarma.com\/#website\",\"url\":\"https:\/\/www.railscarma.com\/\",\"name\":\"RailsCarma - Ruby on Rails Development Company specializing in Offshore Development\",\"description\":\"RailsCarma is a Ruby on Rails Development Company in Bangalore. We specialize in Offshore Ruby on Rails Development based out in USA and India. 
Hire experienced Ruby on Rails developers for the ultimate Web Experience.\",\"publisher\":{\"@id\":\"https:\/\/www.railscarma.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.railscarma.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"ja\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.railscarma.com\/#organization\",\"name\":\"RailsCarma\",\"url\":\"https:\/\/www.railscarma.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"ja\",\"@id\":\"https:\/\/www.railscarma.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.railscarma.com\/wp-content\/uploads\/2020\/08\/railscarma_logo.png\",\"contentUrl\":\"https:\/\/www.railscarma.com\/wp-content\/uploads\/2020\/08\/railscarma_logo.png\",\"width\":200,\"height\":46,\"caption\":\"RailsCarma\"},\"image\":{\"@id\":\"https:\/\/www.railscarma.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/RailsCarma\/\",\"https:\/\/x.com\/railscarma\",\"https:\/\/www.linkedin.com\/company\/railscarma\/\",\"https:\/\/myspace.com\/railscarma\",\"https:\/\/in.pinterest.com\/railscarma\/\",\"https:\/\/www.youtube.com\/channel\/UCx3Wil-aAnDARuatTEyMdpg\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.railscarma.com\/#\/schema\/person\/5f2228a2dec7549056e709de6eb85d21\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"ja\",\"@id\":\"https:\/\/www.railscarma.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/308867ca6c81f3aba146080c601000087180326f752c4116849ea9f514c6a4fa?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/308867ca6c81f3aba146080c601000087180326f752c4116849ea9f514c6a4fa?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\/\/www.railscarma.com\/hire-ruby-on-rails-developer\/\"]}]}<\/script>\n<!--
 \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Preventing security issues in Rails - RailsCarma - Ruby on Rails Development Company specializing in Offshore Development","description":"Security is a major concern for any developer aspiring for successful and","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.railscarma.com\/ja\/\u30d6\u30ed\u30b0\/\u6280\u8853\u8ad6\u6587\/preventing-security-issues-rails\/","og_locale":"ja_JP","og_type":"article","og_title":"Preventing security issues in Rails - RailsCarma - Ruby on Rails Development Company specializing in Offshore Development","og_description":"Security is a major concern for any developer aspiring for successful and","og_url":"https:\/\/www.railscarma.com\/ja\/\u30d6\u30ed\u30b0\/\u6280\u8853\u8ad6\u6587\/preventing-security-issues-rails\/","og_site_name":"RailsCarma - Ruby on Rails Development Company specializing in Offshore 
Development","article_publisher":"https:\/\/www.facebook.com\/RailsCarma\/","article_published_time":"2017-10-31T14:05:41+00:00","article_modified_time":"2022-09-06T09:26:04+00:00","og_image":[{"width":800,"height":300,"url":"https:\/\/www.railscarma.com\/wp-content\/uploads\/2017\/10\/Preventing-security-issues-in-Rails.jpg","type":"image\/jpeg"}],"author":"admin","twitter_card":"summary_large_image","twitter_creator":"@railscarma","twitter_site":"@railscarma","twitter_misc":{"\u57f7\u7b46\u8005":"admin","\u63a8\u5b9a\u8aad\u307f\u53d6\u308a\u6642\u9593":"9\u5206"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.railscarma.com\/blog\/technical-articles\/preventing-security-issues-rails\/#article","isPartOf":{"@id":"https:\/\/www.railscarma.com\/blog\/technical-articles\/preventing-security-issues-rails\/"},"author":{"name":"admin","@id":"https:\/\/www.railscarma.com\/#\/schema\/person\/5f2228a2dec7549056e709de6eb85d21"},"headline":"Preventing security issues in Rails","datePublished":"2017-10-31T14:05:41+00:00","dateModified":"2022-09-06T09:26:04+00:00","mainEntityOfPage":{"@id":"https:\/\/www.railscarma.com\/blog\/technical-articles\/preventing-security-issues-rails\/"},"wordCount":1668,"commentCount":0,"publisher":{"@id":"https:\/\/www.railscarma.com\/#organization"},"image":{"@id":"https:\/\/www.railscarma.com\/blog\/technical-articles\/preventing-security-issues-rails\/#primaryimage"},"thumbnailUrl":"https:\/\/www.railscarma.com\/wp-content\/uploads\/2017\/10\/Preventing-security-issues-in-Rails.jpg","keywords":["Ruby on rails"],"articleSection":["Technical 
Articles"],"inLanguage":"ja","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.railscarma.com\/blog\/technical-articles\/preventing-security-issues-rails\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.railscarma.com\/blog\/technical-articles\/preventing-security-issues-rails\/","url":"https:\/\/www.railscarma.com\/blog\/technical-articles\/preventing-security-issues-rails\/","name":"Preventing security issues in Rails - RailsCarma - Ruby on Rails Development Company specializing in Offshore Development","isPartOf":{"@id":"https:\/\/www.railscarma.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.railscarma.com\/blog\/technical-articles\/preventing-security-issues-rails\/#primaryimage"},"image":{"@id":"https:\/\/www.railscarma.com\/blog\/technical-articles\/preventing-security-issues-rails\/#primaryimage"},"thumbnailUrl":"https:\/\/www.railscarma.com\/wp-content\/uploads\/2017\/10\/Preventing-security-issues-in-Rails.jpg","datePublished":"2017-10-31T14:05:41+00:00","dateModified":"2022-09-06T09:26:04+00:00","description":"Security is a major concern for any developer aspiring for successful 
and","breadcrumb":{"@id":"https:\/\/www.railscarma.com\/blog\/technical-articles\/preventing-security-issues-rails\/#breadcrumb"},"inLanguage":"ja","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.railscarma.com\/blog\/technical-articles\/preventing-security-issues-rails\/"]}]},{"@type":"ImageObject","inLanguage":"ja","@id":"https:\/\/www.railscarma.com\/blog\/technical-articles\/preventing-security-issues-rails\/#primaryimage","url":"https:\/\/www.railscarma.com\/wp-content\/uploads\/2017\/10\/Preventing-security-issues-in-Rails.jpg","contentUrl":"https:\/\/www.railscarma.com\/wp-content\/uploads\/2017\/10\/Preventing-security-issues-in-Rails.jpg","width":800,"height":300},{"@type":"BreadcrumbList","@id":"https:\/\/www.railscarma.com\/blog\/technical-articles\/preventing-security-issues-rails\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.railscarma.com\/"},{"@type":"ListItem","position":2,"name":"Preventing security issues in Rails"}]},{"@type":"WebSite","@id":"https:\/\/www.railscarma.com\/#website","url":"https:\/\/www.railscarma.com\/","name":"RailsCarma - \u30aa\u30d5\u30b7\u30e7\u30a2\u958b\u767a\u306b\u7279\u5316\u3057\u305f Ruby on Rails \u958b\u767a\u4f1a\u793e","description":"RailsCarma \u306f\u30d0\u30f3\u30ac\u30ed\u30fc\u30eb\u306e Ruby on Rails \u958b\u767a\u4f1a\u793e\u3067\u3059\u3002\u5f53\u793e\u306f\u7c73\u56fd\u3068\u30a4\u30f3\u30c9\u3092\u62e0\u70b9\u3068\u3059\u308b\u30aa\u30d5\u30b7\u30e7\u30a2 Ruby on Rails \u958b\u767a\u3092\u5c02\u9580\u3068\u3057\u3066\u3044\u307e\u3059\u3002\u7d4c\u9a13\u8c4a\u5bcc\u306a Ruby on Rails \u958b\u767a\u8005\u3092\u96c7\u3063\u3066\u3001\u7a76\u6975\u306e Web 
\u30a8\u30af\u30b9\u30da\u30ea\u30a8\u30f3\u30b9\u3092\u5b9f\u73fe\u3057\u307e\u3057\u3087\u3046\u3002","publisher":{"@id":"https:\/\/www.railscarma.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.railscarma.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"ja"},{"@type":"Organization","@id":"https:\/\/www.railscarma.com\/#organization","name":"\u30ec\u30fc\u30eb\u30ab\u30fc\u30de","url":"https:\/\/www.railscarma.com\/","logo":{"@type":"ImageObject","inLanguage":"ja","@id":"https:\/\/www.railscarma.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.railscarma.com\/wp-content\/uploads\/2020\/08\/railscarma_logo.png","contentUrl":"https:\/\/www.railscarma.com\/wp-content\/uploads\/2020\/08\/railscarma_logo.png","width":200,"height":46,"caption":"RailsCarma"},"image":{"@id":"https:\/\/www.railscarma.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/RailsCarma\/","https:\/\/x.com\/railscarma","https:\/\/www.linkedin.com\/company\/railscarma\/","https:\/\/myspace.com\/railscarma","https:\/\/in.pinterest.com\/railscarma\/","https:\/\/www.youtube.com\/channel\/UCx3Wil-aAnDARuatTEyMdpg"]},{"@type":"Person","@id":"https:\/\/www.railscarma.com\/#\/schema\/person\/5f2228a2dec7549056e709de6eb85d21","name":"\u7ba1\u7406\u8005","image":{"@type":"ImageObject","inLanguage":"ja","@id":"https:\/\/www.railscarma.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/308867ca6c81f3aba146080c601000087180326f752c4116849ea9f514c6a4fa?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/308867ca6c81f3aba146080c601000087180326f752c4116849ea9f514c6a4fa?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/www.railscarma.com\/hire-ruby-on-rails-developer\/"]}]}},"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.railscarma.com\/ja\/wp-json\/wp\/v
2\/posts\/27233","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.railscarma.com\/ja\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.railscarma.com\/ja\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.railscarma.com\/ja\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.railscarma.com\/ja\/wp-json\/wp\/v2\/comments?post=27233"}],"version-history":[{"count":0,"href":"https:\/\/www.railscarma.com\/ja\/wp-json\/wp\/v2\/posts\/27233\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.railscarma.com\/ja\/wp-json\/wp\/v2\/media\/31715"}],"wp:attachment":[{"href":"https:\/\/www.railscarma.com\/ja\/wp-json\/wp\/v2\/media?parent=27233"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.railscarma.com\/ja\/wp-json\/wp\/v2\/categories?post=27233"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.railscarma.com\/ja\/wp-json\/wp\/v2\/tags?post=27233"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}