RE: AN INTRODUCTION TO CONTENT SECURITY POLICY

Hello.

As you said, the same origin policy is the fundamental principle, but because of legacy code and the habits built up over that time, it seems that enforcing it is not an easy situation.

As I understand it, both CORS and CSP operate via HTTP headers, so server support is needed, but what actually has to be implemented on the server side should be quite small.

The difference between CORS and CSP is that CORS is the policy of the side that provides the resource (the side being included), while CSP is the policy of the side that receives it (the side doing the including). To me, CSP is the more intuitive of the two.

Thank you.

Regards,
이동영 (Dongyoung Lee)
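As an added illustration of the point made in this reply (example code, not from the thread), a toy Python model of which side sets each policy: the including page sends the CSP header, the resource-providing origin sends the CORS header. The hostnames, policy string and API headers are constructed for the example, and the CSP source matching is deliberately simplified.

```python
from urllib.parse import urlsplit

# Constructed scenario (not from the thread): the page at PAGE includes
# scripts from a CDN and reads data from an API on another origin.
PAGE = "https://app.example"
CSP = "default-src 'self'; script-src 'self' https://cdn.example"   # sent by PAGE
API_HEADERS = {"Access-Control-Allow-Origin": "https://app.example"}  # sent by the API origin

def _origin(url):
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}"

def _source_matches(source, page_origin, url):
    """Match one CSP source expression against a resource URL (simplified)."""
    p = urlsplit(url)
    if source == "'none'":
        return False
    if source == "'self'":
        return _origin(url) == page_origin
    if source == "*":
        return True
    if source.endswith(":"):                      # scheme source such as https:
        return p.scheme == source[:-1]
    s = urlsplit(source if "://" in source else f"{p.scheme}://{source}")
    if s.scheme != p.scheme:
        return False
    host = s.hostname or ""
    if host.startswith("*."):                     # wildcard host source
        return bool(p.hostname) and p.hostname.endswith(host[1:])
    return p.hostname == host

def csp_allows(policy, directive, page_origin, url):
    """Including side: does the page's CSP permit loading `url` for `directive`?"""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0]] = tokens[1:]
    sources = directives.get(directive, directives.get("default-src"))
    if sources is None:                           # no applicable directive: allowed
        return True
    return any(_source_matches(s, page_origin, url) for s in sources)

def cors_allows(resource_headers, requesting_origin):
    """Providing side: does the resource's CORS header let `requesting_origin` read it?"""
    allowed = resource_headers.get("Access-Control-Allow-Origin")
    return allowed == "*" or allowed == requesting_origin
```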

 

From: Wonsuk Lee [mailto:wonsuk73@gmail.com] 
Sent: Saturday, November 17, 2012 4:04 PM
To: public-html-ig-ko@w3.org
Subject: AN INTRODUCTION TO CONTENT SECURITY POLICY

 

Hello.

There are security issues in Web Apps. The most common concept is the same origin policy; besides that there is CORS (Cross Origin Resource Sharing), but the CORS concept has the drawback that it is not easy to deploy, because the server has to support the related functionality. In this situation, CSP (CONTENT SECURITY POLICY) is emerging as an important standard. As it happens, there is a well-organized article on HTML5ROCKS, so if possible I would like this topic to be covered at the next KIG meeting~^^

I am looking for a volunteer to put together a summary based on the contents of [1] and [2]~^^

[1] http://www.html5rocks.com/en/tutorials/security/content-security-policy/


[2] http://www.w3.org/TR/CSP/


Regards,
Wonsuk Lee (이원석)

Received on Monday, 19 November 2012 01:06:27 UTC