October 2024
Beginner to intermediate
344 pages
7h 44m
Korean
Content preview from 이펙티브 러스트
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
309
5
장
도구 활용
언제나 등장하기 마련이다.
둘째, 오픈 소스 코드에 대한
CI
시스템은 코드베이스에 필요한 사전 설정 사항과 관련된 가이
드 역할을 할 수 있다. 순수 러스트 크레이트라면 상관없지만 코드베이스에 필요한 의존성이
많은 경우, 이를테면 데이터베이스나
FFI
코드를 위한 툴체인이나 설정 등이 필요하다면, 이
모든 것을 새 시스템에서 구동하는 방법을
CI
스크립트를 통해 알아낼 수 있다. 전반적인 설정
단계를 재사용 가능한 스크립트에 기록해 두면 시스템을 정상 작동시키는 방법을 사람뿐만 아
니라 봇에게도 명확히 알릴 수 있다.
마지막으로 공개된 크레이트는 악용과 공격 가능성이 있다.
CI
시스템을 암호화폐 채굴에 악용
하는 공격부터 코드베이스 액세스 토큰 도용, 공급망 공격에 이르기까지 다양한 공격이 발생할
수 있다. 이러한 위험을 줄이려면 다음 가이드라인을 참고하자.
●
등록된 공동 작업자에 대해서만
CI
스크립트가 자동으로 실행되고, 새로운 기여자에 대해서는 수동으로
구동되도록 접근 권한을 적절히 제한한다.
●
외부 스크립트의 버전을 특정 버전이나, 더 나은 방법으로는 등록된 특정 해시에 고정시킨다.
●
코드베이스에 단순히 읽기 권한만 필요한 것이 아닌, 더 많은 권한을 요구하는 통합 단계는 주의 깊게 모
니터링한다.
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.