å€ãã®å ŽåãäŒæ¥ããŒã¿ã¯äŒæ¥ç§å¯ã§ããããããæŒãããšãè©å€ã«ææãäžããçµæžçæ倱ãããã«ã¯ç Žç£ã«ã€ãªããå¯èœæ§ããããŸãããããã£ãŠãB2B補åã®ã»ãã¥ãªãã£èŠä»¶ã¯éåžžã«é«ããªããã°ãªããŸãããæ°è£œåã®äœæ-CorporateMail Mail.ru-ç§ãã¡ã¯ããã®ã»ãã¥ãªãã£ã®åé¡ã«ç¹å¥ãªæ³šæãæããŸããã
Corporate Mail Mail.ruã¯ãããªãã¿ã®B2Cã¡ãŒã«Mail.ruã®ãªã³ãã¬ãã¹ããŒãžã§ã³ã§ãããããšæ¯èŒãããšãæ°ããç°å¢ã§åäœããããã«å€ãã®å€æŽãå«ãŸããŠããŸã-顧客åè·¯ã
ã客æ§ã«å®å šããå®å¿ããã ãããã«ããµãŒãããŒãã£äŒæ¥ã§ç£æ»ãå®æœããçºèŠãããã¹ãŠã®æ¬ é¥ãä¿®æ£ããŠããã補åãåžå Žã«æäŸããããšã«ããŸããããããè¡ãããã«ã圌ãã¯æ å ±ã»ãã¥ãªãã£ã®åéã§æãè©å€ã®è¯ãäŒç€Ÿã®1ã€ã§ããããžã¿ã«ã»ãã¥ãªãã£ã«ç®ãåããŸããã
ç£æ»çµæã¯ã«ãããããŠããŸãã
uWSGIã§ã®ãªã¢ãŒãã³ãŒãå®è¡
PythonWebã¢ããªã±ãŒã·ã§ã³ãæ§ç¯ããããã®ããŸããŸãªãã¬ãŒã ã¯ãŒã¯ããããŸããéåžžãPython WebãµãŒããŒã²ãŒããŠã§ã€ã€ã³ã¿ãŒãã§ã€ã¹ïŒWSGIïŒã¯ãWebã¢ããªã±ãŒã·ã§ã³ãšWebãµãŒããŒéã®éä¿¡ã«äœ¿çšãããŸããããã«ãWSGIã䜿çšãããšãããã«ãŠã§ã¢ã³ã³ããŒãã³ããå®è£ ã§ããŸãã
Python Webã¢ããªã±ãŒã·ã§ã³ãšApacheãNginxãªã©ã®WebãµãŒããŒéã®éä¿¡ãæšæºåããããã«ãPEP 0333ãéçºãããç¶ããŠWSGIã€ã³ã¿ãŒãã§ã€ã¹ã説æããPEP3333ãéçºãããŸããã WSGIãã©ã®ããã«æ©èœãããã«ã€ããŠã¯è©³ãã説æããŸããããWSGIã€ã³ã¿ãŒãã§ã€ã¹ããµããŒãããäžè¬çãªãµãŒããŒã§ããuWSGIã«ã€ããŠèª¬æããŸãã
uWSGIãµãŒããŒã¯ãéåžžã®WebãµãŒããŒã¢ãŒããšãWSGIã¢ãŒããã®äž¡æ¹ã§åäœããNginxãªã©ã®å¥ã®WebãµãŒããŒãšããŒã¿ã亀æã§ããŸããåæã«ãNginxã¯åãååã®ãã€ããªãããã³ã«ã䜿çšããŸãuwsgiã¯ããã®è±å¯ãªæ©èœã«ãããµã€ããŒç¯çœªè ã«ãšã£ãŠèå³æ·±ããã®ã§ãããœãªã¥ãŒã·ã§ã³ã®ãå éšããåæãããšã補åã®ãã¹ãŠã®å éšã³ã³ããŒãã³ããã¢ã¯ã»ã¹ã§ããuWSGIãµãŒããŒãèŠã€ãããŸããã
åé¡ã¯ãuwsgiãããã³ã«ããuWSGIãµãŒããŒãåçã«æ§æã§ããããããããžãã¯å€æ°ã䜿çšã§ããããšã§ããããããã®å€æ°ã®äžã«ã¯
UWSGI_FILE
ãå€æ°ã§ãã¡ã€ã«ãžã®ãã¹ãæå®ãããšãæ°ããåçã¢ããªã±ãŒã·ã§ã³ãããŒãã§ãããã®ããããŸãããããå€æããããã«ãuWSGI-ãµãŒããŒã«ã¯ãäŸãã°ããã®ããã«ç°ãªãåè·¯ãæ±ãããšãã§ãsection
ãfd
ãcall
ããŸãã¯æãèå³æ·±ãã§ã- exec
ããããã£ãŠãå€æ°ãå€ãšããŠæž¡ãããšãã§ããŸãexec://<cmmand>
ä»»æã®bashã³ãã³ããå®è¡ããŸãããã®åé¡ãåæããããã«ãgithubã§å
¥æå¯èœãªãšã¯ã¹ããã€ããäœæãããŸããã
ã³ãã³ããå®è¡ããã¯ãšãªã®äŸã
ãã®è匱æ§ã¯ãæ»æè ã次ã®å Žåã«ã®ã¿æªçšãããå¯èœæ§ããããŸãã
- ãã§ã«è£œåã®å éšãããã¯ãŒã¯äžã«ãããŸããããšãã°ãã³ã³ããŒãã³ãã®1ã€ã䟵害ãããŠããŸããããã«ããã圌ã¯æ°ããã³ã³ããŒãã³ããä¹ã£åããæ°ããããŒã¿ã«ã¢ã¯ã»ã¹ããæ»æãç¶ããããšãã§ããŸãã
- æã£ãŠããSSRFãïŒäœ¿çšããŠäŸãã°TCPäžã§ä»»æã®ããŒã¿ãéä¿¡ããæ©èœã§
gopher://
ïŒããã®ã·ããªãªã§ã¯ãæ»æè ã¯è£œåã®å éšã«ã¢ã¯ã»ã¹ã§ããŸãã
ä»ã®ããã°ã©ãã³ã°èšèªãŸãã¯ãã¬ãŒã ã¯ãŒã¯ã®CGIã€ã³ã¿ãŒãã§ã€ã¹ã®å®è£ ãè匱ã§ããå¯èœæ§ãããããšã«æ³šæããŠãã ãããããšãã°ãFastCGIã®åããªããžããªããã®æªçšãªã©ã§ããããã¯ããããéåžžã®æå³ã§ã®è匱æ§ã§ãããšèšã£ãŠããã®ã§ã¯ãªããCGIãµãŒããŒã®æ©èœã§ããããããã®ãããªãµãŒããŒãžã®ã¢ã¯ã»ã¹ãå¯èœãªéãå¶éããå¿ èŠããããŸãã
CSRFä¿è·ããã€ãã¹ãã
ãã©ãŠã¶ã«ããŸããŸãªã»ãã¥ãªãã£ã¡ã«ããºã ãå°å ¥ãããããšã§ãææ°ã®Webã«å¯Ÿããã¯ã©ã€ã¢ã³ãåŽã®æ»æã¯åŸã ã«æ¶ãã€ã€ãããŸããããã¯CSRFã«ãåœãŠã¯ãŸããŸãããã©ãŠã¶ã¯SameSitecookieã®ãµããŒãããã§ã«å®è£ ããŠããŸãããæ£ããæ§æãããŠããªãå Žåã§ããæãç©Žãååšããå¯èœæ§ããããŸããããã«ãå€ãã®äžè¬çãªãã¬ãŒã ã¯ãŒã¯ã䜿çšãããšãéçºè ã¯CSRFä¿è·ãç°¡åã«æ§æã§ããŸãããããã€ãã®ãã°ãé倧ã§ã¯ãªãè匱æ§ãCSRFæ»æã«ã€ãªããå¯èœæ§ããããŸãããã®ãããªãšã©ãŒã¯ãåœç€Ÿã®è£œåã«å«ãŸããŠããã«ã¬ã³ããŒã¢ããªã±ãŒã·ã§ã³ã§èŠã€ãããŸããã
ãã®ã¢ããªã±ãŒã·ã§ã³ã«ã¯ããŠãŒã¶ãŒã®ã€ãã³ããã«ã¬ã³ããŒã«å¯ŸããŠãããšãã°ç·šéã衚瀺ãåé€ãªã©ã®ã¢ã¯ã·ã§ã³ãå®è¡ã§ããAPIããããŸãããªããžã§ã¯ããåç §ããããã«ãUIDãã©ã¡ãŒã¿ãURLãã¹ã§æž¡ãããŸããããã¯ãã«ã¬ã³ããŒãŸãã¯ã€ãã³ãã®IDãæ åœããŸãã次ã®ããã«ãªããŸãã
example.com/api/calendar/{UID}/action?
example.com/api/event/{UID}/action?
ããã©ã«ãã§ã¯ãUIDã¯ã©ã³ãã ã«çæããããŠãŒã¶ãŒã®åœ±é¿ãåããããšã¯ãããŸãããããããã¢ããªã±ãŒã·ã§ã³ã§ã¯ããŠãŒã¶ãŒãUIDãå€æŽã§ããå Žæã2ã€èŠã€ãããŸããã
1ã€ã¯ããã¡ã€ã«ãICS圢åŒïŒã«ã¬ã³ããŒãšã€ãã³ãçšã®ç¹å¥ãªåœ¢åŒïŒã§ã€ã³ããŒãããããšã§ãããã¡ã€ã«ã«ã¯ãã€ã³ããŒãæã«ãŠãŒã¶ãŒãå¶åŸ¡ããç¹å¥ãªUIDãã£ãŒã«ãããããŸãããã®å Žåãã€ãã³ããã€ã³ããŒãããåŸããããã®UIDã¯ãã¡ã€ã«ã§è»¢éããããã®ãšåããŸãŸã«ãªããŸãããŸãããã®ãã©ã¡ãŒã¿ãŒã«ã¯ãã£ã«ã¿ãªã³ã°ããããŸããããããã£ãŠããŠãŒã¶ãŒã¯ä»»æã®UIDã§ã€ãã³ããäœæã§ããŸãã
2ã€ç®ã¯ãç·šéæã«UIDã«ã¬ã³ããŒãå€æŽããæ©èœã§ããããã¯ãã«ã¬ã³ããŒãç·šéããèŠæ±ãã€ã³ã¿ãŒã»ããããUIDãã£ãŒã«ããå€æŽããã ãã§å®è¡ã§ããŸããããã«ããã£ã«ã¿ãªã³ã°ã¯ãããŸããã§ããã
ãã1ã€ã®éèŠãªæ©èœïŒãã®APIã¯CSRFä¿è·ãå®è£ ããŸãããã®ãããç¹å¥ãªãã©ã¡ãŒã¿ãŒãGETãã©ã¡ãŒã¿ãŒã§æž¡ãããAPIã®ããŒãšCSRFããŒã¯ã³ã®äž¡æ¹ã®åœ¹å²ãæãããŸãã JavaScriptãä»ããŠãã¹ãŠã®APIãªã¯ãšã¹ãã«è¿œå ãããŸãã CSRFããŒã¯ã³ãGETãã©ã¡ãŒã¿ãŒã§æž¡ãããšã¯ãå§ãã§ããŸããããã®å ŽåãããŒã¯ã³ãåç §å ãã¢ããªã±ãŒã·ã§ã³ãã°ããŸãã¯ãã©ãŠã¶ãŒã®å±¥æŽãããªãŒã¯ããå¯èœæ§ããããŸãã
ãã¹ãŠãäžç·ã«å ¥ããŠãæ»æè ã¯ãã¢ããªã±ãŒã·ã§ã³å ã®ãªããžã§ã¯ãUIDãå¶åŸ¡ããã€ãã³ããšã«ã¬ã³ããŒã®äž¡æ¹ãžã®ã¢ã¯ã»ã¹ãä»ã®ãŠãŒã¶ãŒãšå ±æã§ããŸãããã®å ŽåããŠãŒã¶ãŒã«ã¯åãUIDã衚瀺ããããã®ãããªãªããžã§ã¯ãã®æäœãéå§ãããšãæ»æè ã«ãã£ãŠå¶åŸ¡ãããŠããUIDã䜿çšããŠèŠæ±ãå®è¡ãããŸããããã䜿çšããŠãæ»æè ã¯æ¬¡ã®ãããªUIDãæã€ãªããžã§ã¯ããäœæã§ããŸãã
../../../AnyPathTo?anyparam=value&
ããã§ããŠãŒã¶ãŒããªããžã§ã¯ãã«å¯ŸããŠã¢ã¯ã·ã§ã³ãå®è¡ãããšããªã¯ãšã¹ããçæãããŸãã
example.com/api/event/../../../AnyPathTo?anyparam=value&/action
次ã«ãããŒã¯ã³ãããã«è¿œå ãããCSRFããŒã¯ã³ã®åœ¹å²ãæãããŸãã
example.com/api/event/../../../AnyPathTo?anyparam=value&/action&token=abcdef
ãããŠæåŸã«ããªã¯ãšã¹ããè¡ããšããã©ãŠã¶ã¯ã·ãŒã±ã³ã¹ "
../
"ãæ£èŠåãããã®çµæããªã¯ãšã¹ããéä¿¡ãããŸã
example.com/AnyPathTo?anyparam=value&/action&token=abcdef
ããã§ãæ»æè ã¯ãä»»æã®ãã©ã¡ãŒã¿ãŒãšæ£ããCSRFããŒã¯ã³ã䜿çšããŠãä»»æã®ãã¹ã«æ²¿ã£ãŠãŠãŒã¶ãŒã«ã¢ããªã±ãŒã·ã§ã³ã«èŠæ±ãéä¿¡ãããããšãã§ããŸããå®è¡ã§ãããªã¯ãšã¹ãã¡ãœãããç解ããå¿ èŠããããŸãã
ç·šéæã¯PUTãåé€æã¯DELETEã衚瀺æã¯GETïŒPOSTã¯äœæã«äœ¿çšããã被害è ã«åŒ·å¶çã«äœ¿çšãããããšã¯ã§ããŸããïŒãšããåçŽãªçµæã«ãªããŸãããæ»æè ã¯DELETEã䜿çšããããšã«ããããŠãŒã¶ãŒã®ãã©ãŠã¶ã«ããŠãŒã¶ãŒãããªããžã§ã¯ããåé€ããèŠæ±ãå®è¡ãããããšãã§ããŸããæ»æè ã«ãšã£ãŠã®ãã1ã€ã®ããŒãã¹ã¯ããŠãŒã¶ãŒããªããžã§ã¯ããç·šéãããšãPUTãªã¯ãšã¹ãããªã¯ãšã¹ãæ¬æãšãšãã«éä¿¡ãããããšã§ããã«ã¬ã³ããŒãç·šéããå Žåããªã¯ãšã¹ãã®æ¬æã«ã¯ãçŸåšã®ã«ã¬ã³ããŒã®ãã¹ãŠã®ãã©ã¡ãŒã¿ãŒãå«ãJSONãå«ãŸããŸããã€ãŸãããæªæã®ãããã«ã¬ã³ããŒãäœæããæ»æè ããããã®ãã©ã¡ãŒã¿ãå¶åŸ¡ããŸããæ»æè ãç·šéãªã¯ãšã¹ãããæªæã®ãããã«ã¬ã³ããŒãããŠãŒã¶ãŒã®ãã©ã€ããŒãã«ã¬ã³ããŒã«ãªãã€ã¬ã¯ãããããšã«æåããå Žåããæªæã®ãããã«ã¬ã³ããŒã®ãã¹ãŠã®ããããã£ã被害è ã®ãŠãŒã¶ãŒã®ã«ã¬ã³ããŒã®ããããã£ã«é©çšãããŸããããã¯ãJSONã§æå®ãããã«ã¬ã³ããŒããããã£ã®1ã€ã§ãããããã«ã¬ã³ããŒãžã®ã¢ã¯ã»ã¹ãäžæžãããå¯èœæ§ããããŸãã
MITMæ»æèœå
äŸµå ¥è ãäŒç€Ÿã®å éšãããã¯ãŒã¯ã«äŸµå ¥ããããšã¯å±éºãªç¶æ³ã§ãããæ·±å»ãªçµæãæããŸãããããã£ãŠã補åã®ç£æ»äžãç§ãã¡ã®ã¿ã¹ã¯ã®1ã€ã¯ãæ»æè ããã¡ã€ã³ãäžã«ç§»åããããå€éšããã®æ»æãæ¹åãããããã®ã«åœ¹ç«ã€å¯èœæ§ã®ããã·ã¹ãã ã¢ãŒããã¯ãã£ã®æ¬ é¥ãèŠã€ããããšã§ããã
ãã®è£œåã®äž»ãªæ©èœã®1ã€ã¯ãActiveDirectoryãšã®çµ±åã§ããLDAPãä»ããèªèšŒãšãExchangeãµãŒããŒããã®ã¡ãã»ãŒãžã®åéã®ããã«å®è£ ãããŠããŸãããã®äŸã§ã¯ãActiveSyncã«çŠç¹ãåœãŠãŸããæ»æè ã«ãšã£ãŠãããã¯éåžžã«èå³æ·±ãã¿ãŒã²ããã§ããæ¥ç¶äžã«ãŠãŒã¶ãŒã¢ã«ãŠã³ããšãã¹ã¯ãŒãã補åãšActiveDirectoryã®éã§æž¡ãããããã§ããæ»æè ã¯æ¥ç¶ã«ã¢ã¯ã»ã¹ããããšã§ã¢ã«ãŠã³ããä¹ã£åãããšãã§ãããã¡ã€ã³ã®äŸµå®³ã«äžæ©è¿ã¥ããŸãã
å éšãœãªã¥ãŒã·ã§ã³ãäŒæ¥ã®ãµãŒããŒã§ã¯ãTLSã®èª€ã£ã䜿çšããã®æ¬ åŠã«åé¡ãããããšããããããŸããããµãŒãã¹ã«TLSãå®è£ ããããšã¯é£ãããããŸãããããã¯éåžžãäŒç€Ÿã®å éšãããã¯ãŒã¯ãããå®å šã§ãããšèŠãªãããäŒç€Ÿã®ç®¡çè ãæ£ããPKIã€ã³ãã©ã¹ãã©ã¯ãã£ãäœæããŠãã¹ãŠã®ãµãŒããŒã«èšŒææžãçºè¡ããæéãç¡é§ã«ããªããšããäºå®ã®çµæã§ãã
äŒæ¥ãããã¯ãŒã¯å ã§æãäžè¬çãªæ»æã¯MITMã§ãããã®ã¿ã€ãã®æ»æã¯ãã»ãšãã©ã®å ŽåãäŒæ¥ã®ActiveDirectoryå ãžã®ã¢ã¯ã»ã¹ãèš±å¯ããŸããåæã«ãæ»æè ãäŒç€Ÿã®ãããã¯ãŒã¯å ã®ãµãŒããŒéã®çžäºäœçšãæ»æããããšãåžžã«å¯èœã§ãããšã¯éããŸãããã»ãšãã©ã®å ŽåãäŸµå ¥ãã¹ãäžã«ãæ»æè ãŸãã¯åœŒã®ã¢ãã«ã¯ãExchangeãµãŒããŒãŸãã¯ãã¡ã€ã³ã³ã³ãããŒã©ãŒããªããŠãŒã¶ãŒãããã¯ãŒã¯ã»ã°ã¡ã³ãã«åé¡ãããŸããããã«ãç§ãã¡ã®å Žåã補åã¯NBNSãLLMNRãmDNSãªã©ã®ãããŒããã£ã¹ãå解決ãããã³ã«ã䜿çšããªãããããããã®ãããã³ã«ã®ã¹ããŒãã£ã³ã°ã§ã¯MITMãå®è£ ã§ããŸããããããã£ãŠããœãªã¥ãŒã·ã§ã³ãšä»ã®ãµãŒããŒéã®MITMãæåãããã«ã¯ãæ»æè ããããã®ã³ã³ããŒãã³ãã®1ã€ãã€ã³ã¹ããŒã«ãããŠãããããã¯ãŒã¯ã«ã¢ã¯ã»ã¹ã§ããå¿ èŠããããŸãããã®ç®æšãéæã§ããå ŽåããããŸããè匱ãªã«ãŒã¿ãŒãŸãã¯ãµãŒããŒããããŸããããã«ãããæçµçã«ç¹å®ã®ãããã¯ãŒã¯ã«ã¢ã¯ã»ã¹ã§ããããã«ãªããŸãã
ç§ãã¡ã®å Žåãåæäžã«ãActiveDirectoryãšã®çµ±åã¯MITMæ»æã«å¯ŸããŠè匱ã§ããããšãå€æããŸããã
ãŠãŒã¶ãŒããŠãŒã¶ãŒåãšãã¹ã¯ãŒããå ¥åãããšãã·ã¹ãã ã¯2ã€ã®LDAPèŠæ±ããã¡ã€ã³ã³ã³ãããŒã©ãŒã«éä¿¡ããŸããæåã®ãªã¯ãšã¹ãã¯ã¡ãŒã«ã¢ãã¬ã¹ã®ãªã¹ããè¿ãããŠãŒã¶ãŒã®ãã°ã€ã³ããã®ãªã¹ãã«ååšããå Žåã¯ã2çªç®ã®ãªã¯ãšã¹ãã§ããSimpleLDAPèªèšŒãéä¿¡ãããŸããããŒã¿ã¯SSL / TLSã䜿çšããã«ã¯ãªã¢ããã¹ãã§éä¿¡ãããŸããã€ãŸããLDAPSïŒLDAP over SSLïŒã¯äœ¿çšãããŸãããããã«ãããæ»æè ã¯ãããã·ãMITMæ»æãçºçããå Žåã§ãã補åã§çŸåšèš±å¯ãããŠãããŠãŒã¶ãŒã¢ã«ãŠã³ããååŸã§ããŸãã
2çªç®ã®åé¡ïŒActiveSyncãããã³ã«ã䜿çšããŠExchangeãµãŒããŒã«æ¥ç¶ããŠçä¿¡ã¡ãã»ãŒãžãåéãããšãã«ãã·ã¹ãã ããµãŒããŒã®TLS蚌ææžã®ä¿¡é Œæ§ãæ€èšŒããŸããã§ããããã®å Žåãæ»æè ã¯ã¢ã¯ãã£ããªMITMæ»æãå®è£ ããæ¥ç¶ãåä¿¡ãããšãèªå·±çœ²å蚌ææžãäžããæ¥ç¶ã確ç«ããããŒã¿ãExchangeãµãŒããŒã«ãããã·ããå¯èœæ§ããããŸãããã®å ŽåãMITMã¯é衚瀺ã«ãªããæ»æè ã¯ActiveSyncãããã³ã«ã§éä¿¡ããããŠãŒã¶ãŒè³æ Œæ å ±ãååŸã§ããŸãã
ãããã®è匱æ§ãæªçšããããšã«ãããæ»æè ã¯çè«çã«ã¯ãŠãŒã¶ãŒã¢ã«ãŠã³ããååŸããããããActiveDirectoryãã¡ã€ã³ãžã®æ»æã«äœ¿çšããå¯èœæ§ããããŸãããããšã¯å¥ã«ãTLSãæ£ãã䜿çšããããšã¯ããœãªã¥ãŒã·ã§ã³ãå®è£ ããäŒæ¥ã«ãšã£ãŠå¿ èŠãªã¿ã¹ã¯ã§ããããšã«æ³šæããŠãã ããã
çµæ
ç§ãã¡ã¯åžžã«ããã«ãŒã®æ»æã«çŽé¢ããŠãããããããæéããæ¹æ³ã«ã€ããŠç¢ºããªçµéšãç©ãã§ããŸããç§ãã¡ã¯ãã客æ§ã®å¢çã«çœ®ã補åã¯ãç¬ç«ãããã§ãã¯ã®çµæãå«ããå¯èœãªéãå®å šã§ããå¿ èŠããããšèããŠããŸãã Corporate MailMail.ruã¯ãŸãã«ãã®ãããªè£œåã§ãã
å€ãã®ãã€ã¯ããµãŒãã¹ãå«ã倧èŠæš¡ãªã³ãŒãããŒã¹ã顧客ã®ã€ã³ãã©ã¹ãã©ã¯ãã£ã«è»¢éããŠãé害ã管çè ã®ä»å ¥ãªãã«ã¡ãŒã«ãã»ãšãã©ã®æéã§åç¬ã§æ©èœããããã«ãããšããã骚ã®æããäœæ¥ã«çŽé¢ããŸããã
å€æŽãããæ¿èªïŒCorporate Mailã¯é¡§å®¢ã®ADã䜿çšïŒãšã¡ã€ã³ã®ã¡ãŒã«APIã«æã泚æãæãããã«ç£æ»äººã«äŸé ŒããŸãã-ãããã®ã³ã³ããŒãã³ãã®ãœãŒã¹ã³ãŒãã¯è©³çŽ°ã«åæãããŸããããã®çµæãèŠã€ãã£ãæ¬ ç¹ã¯äž»ã«ããããã¯ãŒã¯ããããžã®å€æŽãšããªã³ãã¬ãã¹ãœãªã¥ãŒã·ã§ã³ã«åºæã®å€æŽã«é¢é£ããŠããŸããã
æ®ãã®ã³ã³ããŒãã³ãïŒcalendarãããžãã¹ç®¡çã€ã³ã¿ãŒãã§ã€ã¹ã®Mail.ruïŒã«ã¯ãã°ã¬ãŒããã¯ã¹ã¢ãã«ã䜿çšãããŸãããç£æ»äººã¯éåžžã®ãŠãŒã¶ãŒã®æš©éã§ãµãŒãã¹ãšå¯Ÿè©±ããŸããããå®è¡äžã®ã¢ããªã±ãŒã·ã§ã³ã§ã³ã³ããã«æ¥ç¶ã§ããAPIãœãŒã¹ã³ãŒããéšåçã«ææããéçºè ã«è©³çŽ°ã確èªã§ããŸããã
ç£æ»ã¯ç§ãã¡ã«ãšã£ãŠéåžžã«åœ¹ã«ç«ã¡ãŸãããäžéšã®ã³ã³ããŒãã³ãã«ã¯ããã€ãã®æ¬ ç¹ããããå®å šãªè£œåãåžå Žã«åºãããã«ããã«ä¿®æ£ããŸãããåæã«ãä»ã®ã»ãšãã©ã®ã³ã³ããŒãã³ããé«ã¬ãã«ã§ä¿è·ãããŠããããšã確信ããŸãããç§ãã¡ã¯å®æçã«ãã®ãããªç£æ»ãå®æœããäºå®ã§ããç§ãã¡ã®æèŠã ãã§ãªããç¬ç«ããç£æ»äººã®æèŠã«ãããŠããåœç€Ÿã®è£œåãåžžã«æãå®å šãªåœå ãœãªã¥ãŒã·ã§ã³ã®ãããã«ããããšãæãã§ããŸãã
Corporate Mailã®ã»ãã¥ãªãã£ã¯ã補åèªäœã®ã»ãã¥ãªãã£ãšã¯ã©ã€ã¢ã³ãã®ã€ã³ãã©ã¹ãã©ã¯ãã£ã®çµã¿åããã§ããã€ãŸããäŒæ¥ããŒã¿ã®å®å šæ§ã«å¯Ÿãã責任ã¯ãç§ãã¡ãéçºè ãããã³ã¯ã©ã€ã¢ã³ãèªèº«ã«ãããŸããããã«ãã€ã³ãã©ã¹ãã©ã¯ãã£ãæ¬ é¥ããä¿è·ããããã®ãã¹ããã©ã¯ãã£ã¹ã«é¢ããæšå¥šäºé ãçå®ãã補åã®ã€ã³ã¹ããŒã«äžã¯åžžã«ã客æ§ã«ã¢ããã€ã¹ããŸãã