\ubc31\uc5d4\ub4dc \uc11c\ube44\uc2a4\uc5d0\uc11c\ub294 \ubbfc\uac10\ud55c \ub370\uc774\ud130\ub97c \ub2e4\ub8e8\uae30 \ub54c\ubb38\uc5d0 \ubcf4\uc548\uc774 \ub9e4\uc6b0 \uc911\uc694\ud569\ub2c8\ub2e4. \ub370\uc774\ud130\ub97c \uc800\uc7a5\ud558\uac70\ub098 \uc804\uc1a1\ud560 \ub54c \uc554\ud638\ud654\ub97c \uc801\uc6a9\ud558\ub294 \uac83\uc740 \ubbfc\uac10\ud55c \uc815\ubcf4\ub97c \ubcf4\ud638\ud558\ub294 \ub370 \ub9e4\uc6b0 \uc911\uc694\ud569\ub2c8\ub2e4. \uc774\ubc88 \uae00\uc5d0\uc11c\ub294 \ubc31\uc5d4\ub4dc \uc11c\ube44\uc2a4\uc5d0 \uc801\uc6a9\ud558\ub294 \ub370\uc774\ud130 \uc554\ud638\ud654 \ubc29\ubc95\uc5d0 \ub300\ud574 \uc54c\uc544\ubcf4\uaca0\uc2b5\ub2c8\ub2e4.<\/p>\n
\uc554\ud638\ud654\ub294 \uc554\ud638\ud654\ud560 \ub370\uc774\ud130\ub97c \ub2e4\ub978 \ud615\ud0dc\ub85c \ubcc0\ud658\ud558\ub294 \uacfc\uc815\uc744 \uc758\ubbf8\ud569\ub2c8\ub2e4. \uc774 \uacfc\uc815\uc5d0\uc11c \ub370\uc774\ud130\ub97c \ubcc0\ud658\ud558\ub294 \ud0a4\ub97c \uc0ac\uc6a9\ud558\uc5ec \uc554\ud638\ubb38\uc744 \uc0dd\uc131\ud558\uace0, \uc774\ub97c \uc5ed\uc73c\ub85c \ud574\ub3c5\ud560 \uc218 \uc788\ub294 \ubcf5\ud638\ud654 \ud0a4\ub97c \uac00\uc9c0\uace0 \uc788\uc5b4\uc57c \ud569\ub2c8\ub2e4. \uc774\ub97c \ud1b5\ud574 \ub370\uc774\ud130\ub97c \uc548\uc804\ud558\uac8c \ubcf4\ud638\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n
\ub370\uc774\ud130\ub97c \uc554\ud638\ud654\ud558\ub294 \ubc29\ubc95\uc5d0\ub294 \ub300\uce6d\ud0a4\uc640 \uacf5\uac1c\ud0a4 \ubc29\uc2dd\uc774 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n
\ub300\uce6d\ud0a4 \ubc29\uc2dd\uc740 \uc554\ud638\ud654\uc640 \ubcf5\ud638\ud654\uc5d0 \uac19\uc740 \ud0a4\ub97c \uc0ac\uc6a9\ud558\ub294 \ubc29\uc2dd\uc785\ub2c8\ub2e4. \uc774 \ubc29\uc2dd\uc740 \uac04\ub2e8\ud558\uace0 \ube60\ub974\uc9c0\ub9cc, \ud0a4\ub97c \uacf5\uc720\ud560 \uc218 \uc788\ub294 \uc2e0\ub8b0\ud560 \uc218 \uc788\ub294 \ucc44\ub110\uc774 \ud544\uc694\ud569\ub2c8\ub2e4. \ub610\ud55c, \ud0a4\uac00 \uc720\ucd9c\ub418\uba74 \ub370\uc774\ud130\uac00 \ub178\ucd9c\ub420 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n
import base64\nfrom Crypto.Cipher import AES\n\nkey = 'mysecretpassword'\ndata = 'sensitive data'\n\n# key\ub97c base64\ub85c \uc778\ucf54\ub529\ud558\uc5ec 16\ubc14\uc774\ud2b8\ub85c \ub9cc\ub4e6\nkey = base64.b64encode(key.encode('utf-8'))[:16]\n\n# AES\ub85c \ub370\uc774\ud130\ub97c \uc554\ud638\ud654\ncipher = AES.new(key, AES.MODE_EAX)\nciphertext, tag = cipher.encrypt_and_digest(data.encode('utf-8'))\n\n# \uc554\ud638\ubb38\uacfc tag\ub97c base64\ub85c \uc778\ucf54\ub529\ud558\uc5ec \uc804\uc1a1\nciphertext = base64.b64encode(ciphertext).decode('utf-8')\ntag = base64.b64encode(tag).decode('utf-8')<\/code><\/pre>\n\uacf5\uac1c\ud0a4 \ubc29\uc2dd<\/h3>\n
공개키 방식은 암호화와 복호화에 다른 키를 사용하는 방식입니다. 이 방식은 대칭키 방식의 키 공유 문제를 해결할 수 있습니다. 공개키는 공개되어 있고, 개인키는 보안이 유지됩니다. 공개키로 암호화된 데이터는 개인키로만 복호화할 수 있습니다. 다만 공개키 암호는 대칭키 암호보다 느리고 한 번에 암호화할 수 있는 데이터 크기가 제한되므로, 실제로는 데이터를 대칭키로 암호화하고 그 대칭키만 공개키로 암호화해 전달하는 방식으로 함께 사용하는 경우가 많습니다.<\/p>\n
from Crypto.PublicKey import RSA\nfrom Crypto.Cipher import PKCS1_OAEP\n\nkey = RSA.generate(2048)\n\n# \uacf5\uac1c\ud0a4\uc640 \uac1c\uc778\ud0a4 \uc0dd\uc131\npublic_key = key.publickey().export_key()\nprivate_key = key.export_key()\n\ndata = 'sensitive data'\n\n# \uacf5\uac1c\ud0a4\ub85c \ub370\uc774\ud130\ub97c \uc554\ud638\ud654\ncipher = PKCS1_OAEP.new(RSA.import_key(public_key))\nciphertext = cipher.encrypt(data.encode('utf-8'))\n\n# \uac1c\uc778\ud0a4\ub85c \ub370\uc774\ud130\ub97c \ubcf5\ud638\ud654\ncipher = PKCS1_OAEP.new(RSA.import_key(private_key))\nplaintext = cipher.decrypt(ciphertext).decode('utf-8')<\/code><\/pre>\nSSL\/TLS \ud504\ub85c\ud1a0\ucf5c\uc744 \uc774\uc6a9\ud55c \uc548\uc804\ud55c \ub370\uc774\ud130 \uc804\uc1a1<\/h2>\n
\ub370\uc774\ud130\ub97c \uc804\uc1a1\ud560 \ub54c\ub3c4 \uc554\ud638\ud654\ub97c \uc801\uc6a9\ud574\uc57c \ud569\ub2c8\ub2e4. SSL\/TLS \ud504\ub85c\ud1a0\ucf5c\uc744 \uc774\uc6a9\ud558\uba74 \uc548\uc804\ud558\uac8c \ub370\uc774\ud130\ub97c \uc804\uc1a1\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n
SSL\/TLS\ub780?<\/h3>\n
SSL(Secure Socket Layer)\uc740 \uc6f9\uc5d0\uc11c \ub370\uc774\ud130\ub97c \ubcf4\ud638\ud558\uae30 \uc704\ud55c \uc554\ud638\ud654 \ud504\ub85c\ud1a0\ucf5c\uc785\ub2c8\ub2e4. 1994\ub144\uc5d0 \ub137\uc2a4\ucf00\uc774\ud504\uc5d0\uc11c \ucc98\uc74c \uac1c\ubc1c\ub418\uc5c8\uc73c\uba70, 1999\ub144\uc5d0 IETF(Internet Engineering Task Force)\uc5d0\uc11c TLS(Transport Layer Security)\ub85c \ud45c\uc900\ud654\ub418\uc5c8\uc2b5\ub2c8\ub2e4. SSL\/TLS\ub294 \uc11c\ubc84\uc640 \ud074\ub77c\uc774\uc5b8\ud2b8 \uc0ac\uc774\uc758 \ud1b5\uc2e0\uc744 \uc554\ud638\ud654\ud558\uace0, \uc778\uc99d\uacfc \ub370\uc774\ud130 \ubb34\uacb0\uc131\uc744 \ubcf4\uc7a5\ud569\ub2c8\ub2e4.<\/p>\n
SSL\/TLS \uc801\uc6a9\ud558\uae30<\/h3>\n
SSL\/TLS\ub294 \uc11c\ubc84\uc640 \ud074\ub77c\uc774\uc5b8\ud2b8 \uc0ac\uc774\uc758 \ud1b5\uc2e0\uc744 \uc554\ud638\ud654\ud558\ubbc0\ub85c, \uc11c\ubc84\uc5d0\uc11c SSL\/TLS\ub97c \uc801\uc6a9\ud574\uc57c \ud569\ub2c8\ub2e4. Flask\uc5d0\uc11c\ub294 Flask-SSLify\ub97c \uc0ac\uc6a9\ud558\uc5ec SSL\/TLS\ub97c \uc801\uc6a9\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n
from flask import Flask\nfrom flask_sslify import SSLify\n\napp = Flask(__name__)\nsslify = SSLify(app)\n\n@app.route('\/')\ndef index():\n return 'Hello, World!'<\/code><\/pre>\n\uc774\uc81c \uc11c\ubc84\uc5d0 SSL\/TLS\ub97c \uc801\uc6a9\ud558\uba74, \ud074\ub77c\uc774\uc5b8\ud2b8\uc640\uc758 \ud1b5\uc2e0\uc774 \uc554\ud638\ud654\ub429\ub2c8\ub2e4.<\/p>\n
\ubbfc\uac10\ud55c \uc815\ubcf4\ub97c \uc704\ud55c \ubcf4\uc548 \uac15\ud654<\/h2>\n
\ub370\uc774\ud130 \uc554\ud638\ud654 \uc678\uc5d0\ub3c4 \ubbfc\uac10\ud55c \uc815\ubcf4\ub97c \ubcf4\ud638\ud558\uae30 \uc704\ud574 \ub2e4\uc74c\uacfc \uac19\uc740 \ubcf4\uc548 \uac15\ud654 \ubc29\ubc95\uc744 \uc801\uc6a9\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n
\ube44\ubc00\ubc88\ud638 \ud574\uc2f1<\/h3>\n
비밀번호를 저장할 때는 해싱을 적용하여 저장해야 합니다. 해싱은 암호화와 비슷하지만, 단방향 함수를 사용하여 데이터를 변환합니다. 이를 통해 원본 데이터를 알 수 없게 됩니다. 사용자가 로그인할 때 입력한 비밀번호를 해싱하여 저장된 해시와 비교하여 인증합니다. 단, 아래 예제처럼 솔트 없이 SHA-256 같은 빠른 해시를 한 번만 적용하면 사전 대입이나 무차별 대입에 취약하므로, 실제 서비스에서는 사용자별 무작위 솔트를 사용하는 bcrypt, scrypt, Argon2, PBKDF2 같은 비밀번호 전용 해시 함수를 사용해야 합니다.<\/p>\n
import hashlib\n\npassword = 'mysecretpassword'\n\n# SHA-256\uc73c\ub85c \ud574\uc2f1\nhashed_password = hashlib.sha256(password.encode('utf-8')).hexdigest()<\/code><\/pre>\nSQL Injection \ubc29\uc5b4<\/h3>\n
SQL Injection\uc740 \ud574\ucee4\uac00 SQL \ucffc\ub9ac\ub97c \uc545\uc6a9\ud558\uc5ec \ub370\uc774\ud130\ubca0\uc774\uc2a4\ub97c \uacf5\uaca9\ud558\ub294 \uae30\ubc95\uc785\ub2c8\ub2e4. \uc774\ub97c \ubc29\uc5b4\ud558\uae30 \uc704\ud574 SQL Injection \uacf5\uaca9\uc5d0 \ucde8\uc57d\ud55c \ucf54\ub4dc\ub97c \uc218\uc815\ud574\uc57c \ud569\ub2c8\ub2e4.<\/p>\n
import sqlite3\n\nconn = sqlite3.connect('mydatabase.db')\n\n# \ucde8\uc57d\ud55c \ucf54\ub4dc\nusername = request.form['username']\npassword = request.form['password']\nquery = f\"SELECT * FROM users WHERE username='{username}' AND password='{password}'\"\nresult = conn.execute(query)\n\n# \ubc29\uc5b4\ub41c \ucf54\ub4dc\nusername = request.form['username']\npassword = request.form['password']\nquery = \"SELECT * FROM users WHERE username=? AND password=?\"\nresult = conn.execute(query, (username, password))<\/code><\/pre>\nCSRF \ubc29\uc5b4<\/h3>\n
CSRF(Cross-Site Request Forgery)는 해커가 사용자의 권한을 이용하여 악성 요청을 보내는 기법입니다. 이를 방어하기 위해 CSRF 토큰을 사용해야 합니다. 주의할 점은 아래 예제의 @csrf.exempt 데코레이터가 해당 뷰를 CSRF 검증 대상에서 제외한다는 것입니다. CSRF 보호가 실제로 적용되려면 이 데코레이터를 제거하고, 요청을 보내는 폼에 CSRF 토큰을 포함해야 합니다.<\/p>\n
\n Submit\n<\/code><\/pre>\nfrom flask_wtf.csrf import CSRFProtect\n\napp = Flask(__name__)\ncsrf = CSRFProtect(app)\n\n@app.route('\/submit', methods=['POST'])\n@csrf.exempt\ndef submit():\n data = request.form['data']\n return data<\/code><\/pre>\n\uacb0\ub860<\/h2>\n
\uc774\ubc88 \uae00\uc5d0\uc11c\ub294 \ubc31\uc5d4\ub4dc \uc11c\ube44\uc2a4\uc5d0\uc11c \uc0ac\uc6a9\ud558\ub294 \ub370\uc774\ud130 \uc554\ud638\ud654 \ubc29\ubc95\uacfc \ubbfc\uac10\ud55c \uc815\ubcf4\ub97c \ubcf4\ud638\ud558\uae30 \uc704\ud55c \ubcf4\uc548 \uac15\ud654 \ubc29\ubc95\uc5d0 \ub300\ud574 \uc54c\uc544\ubcf4\uc558\uc2b5\ub2c8\ub2e4. \ub370\uc774\ud130\ub97c \uc548\uc804\ud558\uac8c \ubcf4\ud638\ud558\uae30 \uc704\ud574\uc11c\ub294 \uc554\ud638\ud654\uc640 \ubcf4\uc548 \uac15\ud654\uac00 \ud544\uc218\uc801\uc785\ub2c8\ub2e4. \ub370\uc774\ud130\ub97c \ub2e4\ub8e8\ub294 \ubaa8\ub4e0 \uac1c\ubc1c\uc790\ub4e4\uc740 \ubcf4\uc548\uc5d0 \ub300\ud55c \uc911\uc694\uc131\uc744 \uc778\uc2dd\ud558\uace0, \ubcf4\uc548\uc5d0 \ub300\ud55c \uc9c0\uc2dd\uc744 \uc2b5\ub4dd\ud558\uc5ec \uc548\uc804\ud55c \uc11c\ube44\uc2a4\ub97c \uc81c\uacf5\ud574\uc57c \ud569\ub2c8\ub2e4. <\/p>\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
\ubc31\uc5d4\ub4dc \uc11c\ube44\uc2a4\uc5d0 \uc801\uc6a9\ud558\ub294 \ub370\uc774\ud130 \uc554\ud638\ud654: \ubbfc\uac10\ud55c \uc815\ubcf4 \ubcf4\ud638\ud558\uae30<\/p>\n","protected":false},"author":1,"featured_media":12882,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1957],"tags":[5898,2104,2076,2105,2149,6171,2079,906,5979],"class_list":["post-39218","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-development","tag-backend","tag-data","tag-from","tag-java","tag-methods","tag-msa","tag-security","tag-world","tag-5979"],"acf":[],"_links":{"self":[{"href":"https:\/\/8gfg.shop\/blog\/wp-json\/wp\/v2\/posts\/39218","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/8gfg.shop\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/8gfg.shop\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/8gfg.shop\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/8gfg.shop\/blog\/wp-json\/wp\/v2\/comments?post=39218"}],"version-history":[{"count":1,"href":"https:\/\/8gfg.shop\/blog\/wp-json\/wp\/v2\/posts\/39218\/revisions"}],"predecessor-version":[{"id":39237,"href":"https:\/\/8gfg.shop\/blog\/wp-json\/wp\/v2\/posts\/39218\/revisions\/39237"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/8gfg.shop\/blog\/wp-json\/wp\/v2\/media\/12882"}],"wp:attachment":[{"href":"https:\/\/8gfg.shop\/blog\/wp-json\/wp\/v2\/media?parent=39218"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/8gfg.shop\/blog\/wp-json\/wp\/v2\/categories?post=39218"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/8gfg.shop\/blog\/wp-json\/wp\/v2\/tags?post=39218"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}