Compare Revisions

Using Content Security Policy

Revision 439971:

Revision 439971 Androidbee

Revision 439973:

Revision 439973 Androidbee

Title:
Using Content Security Policy
Using Content Security Policy
Slug:
Security/CSP/Using_Content_Security_Policy
Security/CSP/Using_Content_Security_Policy
Content:

Revision (439971):
Revision (439973):
n11      Configuring Content Security 정책은 어떤 정책을 실행하게 할 것인지를 결정하는 것을n11      Content Security Policy을 설정하는 것은 어떤 정책을 실행하게 할 것인지를 결정하는 것을
> 포함하고 이런 정책 실행 부분을&nbsp;<span style="font-family: 'Courier New', > 포함하고 이런 정책 실행 부분을&nbsp;<span style="font-family: 'Courier New', 
>'Andale Mono', monospace; line-height: inherit;">Content-Security>'Andale Mono', monospace; line-height: inherit;">Content-Security
>-Policy 헤더를 사용해서 정책을 실행하게 설정하는 것입니다.</span>>-Policy 헤더를 사용해서 정책을 실행하게 설정하는 것입니다.</span>
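Review bot: In both revisions the monospace span (style="font-family: 'Courier New', ...") opens before Content-Security-Policy and closes only after "설정하는 것입니다.", so the rest of the sentence renders as code along with the header name. Close the span directly after the header name, or mark the name up with a code element as the page does for script-src further down. In the new wording, "Policy을" should be "Policy를".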
n85      An administrator for an online banking site wants to ensuren85      온라인 뱅킹 사이트의 관리자가 사용자의 사이트 접속시 공격자가 내용을 엳듣는 것을 방지하기 위해서, 사이트
> that all its content is loaded using&nbsp;SSL, in order to preve>의 모든 콘텐츠가 SSL을 사용해서 전달되도록 하기를 원한다면 다음과 같습니다.&nbsp;
>nt attackers from eavesdropping on requests. 
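Review bot: The new Korean sentence has a typo in the word that carries the threat being described: "엳듣는" should be "엿듣는" (eavesdrop). The sentence also ends with a trailing &nbsp; after "같습니다." that can be dropped.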
n91      The server only permits access to documents being loaded spn91      기본 콘텐츠가 전달되는 곳은 지정된&nbsp;<span style="line-height: inherit;
>ecifically over HTTPS through the single domain onlinebanking.jum>">onlinebanking.jumbobank.com 가&nbsp;</span><span style="line-hei
>bobank.com.>ght: inherit;">HTTPS를 통해서만 사용하도록 정하고 있다.</span>
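Review bot: The new text loses part of the restriction the English sentence states, namely that the server only permits documents loaded over HTTPS and only through the single domain onlinebanking.jumbobank.com. "HTTPS를 통해서만" keeps the HTTPS half, but the single-domain limit is no longer stated, and the subject particle is detached from the host name ("onlinebanking.jumbobank.com 가"). Suggest restating both constraints and dropping the two span style="line-height: inherit;" wrappers, which add nothing to the sentence.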
n97      웹 메일 사이트의 관리자가 이메일 안의 HTML을 사용하게 하려하고 이미지는 어느 서버에서나 적재할 수 있n97      웹 메일 사이트의 관리자가 이메일 안의 HTML을 사용하게 하려하고 이미지는 어느 서버에서나 적재할 수 있
>지만 Javascript 혹은 다른 An administrator of a web mail site wants to >지만 Javascript 혹은 다른 잠재적이고 위험한 콘텐츠가 아닌 곳에서는 허용하지 않는다.&nbsp;
>allow HTML&nbsp;in email, as well as images loaded from anywhere, 
> but not JavaScript or other potentially dangerous content. 
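Review bot: The replacement for "but not JavaScript or other potentially dangerous content" reads "잠재적이고 위험한 콘텐츠가 아닌 곳에서는 허용하지 않는다", which says something is disallowed from places that are not dangerous content and so obscures the goal of the policy. Suggest wording along the lines of "JavaScript나 그 밖의 잠재적으로 위험한 콘텐츠는 허용하지 않으려 한다", and spell the name "JavaScript" rather than "Javascript".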
t103      Note that this example doesn't specify a <a href="/en/Securt103      이 예제는 CSP에&nbsp;<a href="/en/Security/CSP/CSP_policy_direct
>ity/CSP/CSP_policy_directives#script-src" title="en/Security/CSP/>ives#script-src" style="line-height: inherit;" title="en/Security
>CSP policy directives#script-src"><code>script-src</code></a>; wi>/CSP/CSP policy directives#script-src"><code style="font-size: 14
>th the example CSP, this site uses the setting specified by the <>px;">script-src</code></a><span style="line-height: inherit;">;를 
>a href="/en/Security/CSP/CSP_policy_directives#allow" title="en/S>이용하지 않았지만 이 사이트는 &nbsp;</span><code style="line-height: inherit; 
>ecurity/CSP/CSP policy directives#allow"><code>default-src</code>>font-size: 14px;"><a href="/en/Security/CSP/CSP_policy_directives
></a> directive, which means that scripts can be loaded only from >#allow" style="line-height: inherit;" title="en/Security/CSP/CSP 
>the originating server.>policy directives#allow">default-src</a>&nbsp;디렉티브에 명시되어 설정된다. 이 
 >의미는 스크립트들은 콘텐츠가 적재된 원래 서버에서만 적재될 수 있다는 의미이다.</code>
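Review bot: In the new revision the code element opened before the default-src link (code style="line-height: inherit; font-size: 14px;") is closed only at the very end, after "의미이다.", so the whole explanatory sentence is marked up as code. Close it right after the default-src link, as the old revision did with its code element around default-src alone. The translation also carries the English semicolon over as "script-src;를" and uses "의미" twice in the last sentence ("이 의미는 ... 의미이다").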
