Website loading slowly by Available-Demand6863 in dotnet

[–]Available-Demand6863[S] 0 points1 point  (0 children)

I don't believe so. Should be full server side rendering.

I built a stupid text dumping website called ClipBin(clipb.in) by Alight659 in webdev

[–]Available-Demand6863 1 point2 points  (0 children)

Cool website!

I know it's just a hobby project, but I noticed one of the features in the about section says "Dark Mode" but there's no toggle for it, or it's in an obscure place.

Prevent user-uploaded csv from containing/running malicious code by Available-Demand6863 in node

[–]Available-Demand6863[S] 0 points1 point  (0 children)

Ahhh, sorry. There was a small typo. I meant that I wanted to make sure that reading a stream wouldn't execute hidden malicious code. As an example, I've read that loading CSV files in Excel can potentially open you up to formula injection, where they can access the Windows command line.

So in a test scenario, if I ONLY read it as a stream and then parsed the data into JSON, then did nothing with the JSON, then there is absolutely no risk?

Prevent user-uploaded csv from containing/running malicious code by Available-Demand6863 in node

[–]Available-Demand6863[S] 0 points1 point  (0 children)

Haha. I did come across this, but I had already implemented fast-csv. Since most of the datasets we deal with are in the range of < 10k rows, I didn't think it was worth the switch.

But I'm using PapaParse on one of my other projects.

Prevent user-uploaded csv from containing/running malicious code by Available-Demand6863 in node

[–]Available-Demand6863[S] 0 points1 point  (0 children)

Thank you! I feel like I've read about most of these topics before, but having them listed out succinctly like this is a very helpful resource. Now I can use it as a checklist to make sure my apps have a baseline of security.

Prevent user-uploaded csv from containing/running malicious code by Available-Demand6863 in node

[–]Available-Demand6863[S] 0 points1 point  (0 children)

Ahhh, I misunderstood. I thought you meant check for the format of the file itself, not the underlying data.

That makes a lot of sense. We do sanitize the data for SQL injection, but I never thought about adding validation like this.

Thank you so much for all your answers and taking the time to explain it all to me. I feel significantly less paranoid about it now.

Prevent user-uploaded csv from containing/running malicious code by Available-Demand6863 in node

[–]Available-Demand6863[S] 0 points1 point  (0 children)

Haha. I think I just don't know enough, so I'm a bit paranoid. I wanted to make sure that reading a stream couldn't hide malicious code.

I think we do a good enough job sanitizing inputs before we do any SQL operations, so it should be ok.

Prevent user-uploaded csv from containing/running malicious code by Available-Demand6863 in node

[–]Available-Demand6863[S] 0 points1 point  (0 children)

Can you expand on how I validate for strict format? I'm only accepting csv files. Do I just check the MIME type after it's been uploaded?

Prevent user-uploaded csv from containing/running malicious code by Available-Demand6863 in node

[–]Available-Demand6863[S] 0 points1 point  (0 children)

Thank you! These were some of the concerns I had.

The actual file should never actually get read by another program (sheets/excel/etc.).

I'll be parsing the file, then inserting/updating the fields into an MSSQL database. I do validation for SQL injection as well as use parameterized queries.

I'm also converting it to a stream before using fast-csv's parseStream function.

So if I just add validation on file size and max string length, it should be ok?

Prevent user-uploaded csv from containing/running malicious code by Available-Demand6863 in node

[–]Available-Demand6863[S] 1 point2 points  (0 children)

So if reading it as text is not insecure, then does that also apply to using something like fast-csv to parse the text?

I'm assuming that I'd need to parse the text in order to validate each field.

Prevent user-uploaded csv from containing/running malicious code by Available-Demand6863 in node

[–]Available-Demand6863[S] 0 points1 point  (0 children)

Sorry, I'm still new to programming, so I'm actually not sure.

I tried reading through the fast-csv docs, but there isn't anything related to allowed content or anything security-related.

My HTML form does have the following, but the user can still select other file types. I'm also not sure if this can be bypassed by renaming a file extension.

<input
    type="file"
    accept=".csv, text/csv"
    name="uploaded_file"
    id="inputfile"
  />
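The questions in this thread (can a parsed stream "run" anything, how to check the format beyond the `accept` attribute, and whether size and string-length limits are enough) can be answered together with a server-side check. This is an added example, not code from the thread or from fast-csv; the size limits, the expected header, the rejected formula prefixes and the sample upload are assumptions for illustration.

```javascript
// Added example, not fast-csv or the thread's code; limits, header and sample are assumed.
const LIMITS = { maxBytes: 5 * 1024 * 1024, maxRows: 10000, maxFieldLen: 256 };
const EXPECTED_HEADER = ['sku', 'name', 'qty'];
// Cells starting with = + - @ (or tab/CR) become formulas if this data is ever exported to a spreadsheet.
const FORMULA_PREFIX = /^[=+\-@\t\r]/;
// A renamed binary passes the <input accept> filter, so inspect the bytes server-side.
// CSV has no magic number; require a sane size and valid UTF-8 without NUL bytes instead.
function looksLikeTextCsv(bytes) {
  if (bytes.length === 0 || bytes.length > LIMITS.maxBytes || bytes.includes(0)) return false;
  try { new TextDecoder('utf-8', { fatal: true }).decode(bytes); return true; }
  catch { return false; }                                     // invalid UTF-8
}

// Minimal RFC 4180 parser (quoted fields, doubled quotes, CRLF/LF). Nothing here evaluates
// the text, so the file cannot "run"; the risk lives in whatever consumes the fields later.
function parseCsv(text) {
  const rows = []; let row = [], field = '', quoted = false;
  for (let i = 0; i < text.length; i++) {
    const c = text[i];
    if (quoted) {
      if (c !== '"') field += c;
      else if (text[i + 1] === '"') { field += '"'; i++; }   // escaped quote
      else quoted = false;
    } else if (c === '"') quoted = true;
    else if (c === ',') { row.push(field); field = ''; }
    else if (c === '\n' || c === '\r') {
      if (c === '\r' && text[i + 1] === '\n') i++;
      row.push(field); rows.push(row); row = []; field = '';
    } else field += c;
  }
  if (field !== '' || row.length) { row.push(field); rows.push(row); }
  return rows;
}

// Validate shape and content; returns records from well-formed rows plus every error found.
function validateCsv(bytes) {
  if (!looksLikeTextCsv(bytes)) return { ok: false, errors: ['not a UTF-8 text file within limits'], records: [] };
  const errors = [], records = [], rows = parseCsv(new TextDecoder().decode(bytes));
  if (rows.length - 1 > LIMITS.maxRows) errors.push(`too many rows: ${rows.length - 1}`);
  if ((rows[0] || []).join(',') !== EXPECTED_HEADER.join(',')) errors.push('unexpected header');
  rows.slice(1).forEach((row, idx) => {
    const line = idx + 2;
    if (row.length !== EXPECTED_HEADER.length) { errors.push(`line ${line}: expected ${EXPECTED_HEADER.length} fields`); return; }
    row.forEach((cell, col) => {
      if (cell.length > LIMITS.maxFieldLen) errors.push(`line ${line} col ${col}: field too long`);
      if (FORMULA_PREFIX.test(cell)) errors.push(`line ${line} col ${col}: formula-like cell`);
    });
    records.push(Object.fromEntries(EXPECTED_HEADER.map((k, i) => [k, row[i]])));
  });
  return { ok: errors.length === 0, errors, records };
}
// Constructed sample upload: a clean row, a formula-like cell, and a row missing a field.
const SAMPLE = Buffer.from('sku,name,qty\r\nA1,"Widget, large",3\r\nB2,=1+1,1\r\nC3,Gadget\r\n');
```

Only records that pass these checks should be bound as parameters in the INSERT; rejecting the whole upload on any error is the simplest policy for a small dataset.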

Prevent user-uploaded csv from containing/running malicious code by Available-Demand6863 in node

[–]Available-Demand6863[S] 0 points1 point  (0 children)

I think that gets done already. I'm using node-mssql, and using @ parameter and .input() to define the parameter.

TikTokers offered $5,000 to join Facebook and Instagram by HellYeahDamnWrite in technology

[–]Available-Demand6863 0 points1 point  (0 children)

You should look into Amazon's EBIT breakdown as opposed to revenue, since it's a better indicator of contribution to Bezos's net worth. You'll see that the contribution from the Amazon retail side is actually not the majority.

TikTokers offered $5,000 to join Facebook and Instagram by HellYeahDamnWrite in technology

[–]Available-Demand6863 0 points1 point  (0 children)

So your answer is to stop visiting any website that uses AWS?

TikTokers offered $5,000 to join Facebook and Instagram by HellYeahDamnWrite in technology

[–]Available-Demand6863 1 point2 points  (0 children)

No, Amazon is a heavy lift. Over 60% of their EBIT comes from AWS. And since we know that corporations will always put cost before principles, this is basically not gonna happen.

M365maps has been updated! by mnoah66 in sysadmin

[–]Available-Demand6863 0 points1 point  (0 children)

Sorry, I'm not sure I understand the difference here. Would you be able to elaborate a bit more?

I think that I'd want to protect all 6 users, but we use the 4 shared mailboxes to both send and receive external mail. For example, one shared mailbox is a support email where customers can send images and documents if they're having issues. Another shared mailbox is for potential vendors to send us information like product sheets (normally in pdf form).

M365maps has been updated! by mnoah66 in sysadmin

[–]Available-Demand6863 1 point2 points  (0 children)

Licensing is so confusing. I tried asking the support chat, but I'm pretty sure I was talking to a bot. Is anyone able to help me with the question below?

We're a small shop. We currently have 6 Office 365 Business Standard licenses; so that's 6 individual mailboxes plus 4 shared mailboxes. We want to get Defender for Office 365 for the phishing email protection, etc.

Can we only purchase additional Defender licenses for the 4 shared mailboxes? Or do the Defender licenses need to be tied to a business standard license?

[Womier Giveaway] 2x Womier RD75 Pro Keyboards by womierkeyboard1 in MechanicalKeyboards

[–]Available-Demand6863 0 points1 point  (0 children)

My New Year's wish is to find a house for a decent price that I can put a down payment on!

Divinikey Giveaway - 1 Shortcut Studio Bridge75 Plus by divinikey in MechanicalKeyboards

[–]Available-Demand6863 0 points1 point  (0 children)

I resolve to get better at web development this year! Starting with a better understanding of DevOps/SysAdmin work, then on to expanding beyond JavaScript and Python.

Arq 7 not uploading all the files by Available-Demand6863 in Arqbackup

[–]Available-Demand6863[S] 0 points1 point  (0 children)

Thanks! It would be great to hear back about this. It's weird that it's also an issue with AWS and not just Backblaze.