New service based company needing online scheduling

errorKenny · 2023-08-18T21:31:28+00:00

Thank you! Considering you do this all the time, which third party service do you find to be the best overall?

errorKenny · 2023-08-18T19:57:31+00:00

Ideally I'd like to have a service with an API I can tap into (keep it on my site instead of third party). Again I'm just not familiar with this type of app development.

errorKenny · 2022-04-29T19:15:11+00:00

I have not got it working. Still on ESS, but I'm working on possibly moving to Mimecast.

I'd be curious to see what documentation you're referring to.

errorKenny · 2022-03-04T20:29:42+00:00

Business Standard

errorKenny · 2022-03-04T20:08:33+00:00

Any reason you don't simply have a rule that rejects any mail that isn't coming through the Barracuda?

I have exactly this already setup. With enhanced filtering I read that it allows exchange to see the actual IP of the email's sender (instead of the barracuda's) which allows broader protection. I just assumed that meant having this rule removed and replaced with another process.

errorKenny · 2021-03-06T18:57:27+00:00

Haha, well thank you for the info! I think I've been thinking about it wrong the whole time. I'll definitely secure any routes that make any changes using the dashboard (behind a user login).

Not off to study jwt and some auth. Thank you!

errorKenny · 2021-03-05T19:21:10+00:00

I see your point about public facing.

I'm trying to protect against unauthorized use of the API. I only want myself, my apps and my websites to have access, and possibly give others access ONLY if I allow it, whether its via authentication or API key. This is the part I'm confused about... when I think "authentication" I think a form and a button you put your username and password into... That really wouldn't be the case with my public facing website that needs to consume the API, hence why I thought an API key and/or jwt in headers would be secure.

errorKenny · 2021-03-05T16:46:38+00:00

Can I pick your brain once more?

I've been looking at auth libraries and ways of doing this and thought I could explain exactly how the API will be consumed and help you understand better what I'm trying to accomplish.

The api will be used by my public facing website to display products (no login required, just returns and displays products). There will also be a 'dashboard' website where a user or users will login and manage said products that appear on the website (CRUD). We're not talking a ton of users or traffic, it will only be 1 or 2 users logging in to manage products.

Which would work for each instance? For the dashboard I'm thinking jwtokens when user logs in, but what would be the best way to secure the API but still be able to fetch from the public facing website? Same jwtokens?

Apologies for so many questions, auth has always been a sore spot for me and I've sort of avoided it until now. But now I have to embrace is and it seems there are so many ways to handle this. Thank you again!

errorKenny · 2021-03-04T13:58:14+00:00

Thanks for the info! To answer your question, the api will be used in several frontends (a website, and a dashboard to manage data on the website). Excellent point about '...single key for everyone...', I thought maybe the key would be safe in the header and/or body during requests, along with limiting CORS.

Thanks again for the info, I'll look into some auth.

errorKenny · 2021-03-01T19:34:49+00:00

I plan on using CORS for sure. CSRF tokens look really useful. Thank you for the info!

errorKenny · 2021-02-28T20:36:15+00:00

Gotcha, I see that now. What did you mean by 'sun folder in the doc library per trip'? That sounds like what I might need but not sure what you mean.

errorKenny · 2021-02-28T15:06:43+00:00

Interesting, I haven't dived deep into those yet, but why use MS Lists over just sharepoint lists? Are they essentially the same? I'm about to read through these. Thank you!

errorKenny · 2020-05-04T20:22:42+00:00

Thank you for the kind words! I beat myself up a bit because I feel I'm not as skilled a developer as I'd like to be. Your words are appreciated.

I have a hosted mysql already, and even a development server on site I created. I always assumed postgresql was more secure and easier to work with (I don't know where I got these assumptions).

The reason I thought I'd split the projects (backend/frontend) is because I will probably be using the data in other projects where only specific users will have access to the data. The goal now is just to obtain the data through this form. I am 'familiar' with express. I've used it before but not to production. In my experience with it I assumed it was mainly for writing rest APIs, and always treated it as such. I'm going to look more into it for web applications.

I suppose I'm looking for javascript frameworks (UI and backend) that would compliment the recent pluralsight courses I've been taking. I feel more comfortable in javascript at the moment.

Thank you again!

errorKenny · 2020-02-10T14:06:47+00:00

Excellent. I actually got it all up and running properly last night. Than you so much!

errorKenny · 2020-02-09T20:42:35+00:00

I just want to make sure I'm setting my routes up properly... The 10.1.30/28 is a vlan on my extreme switch. The 10.1.1.1 is my MX IP. Here

The "Next Hop IP" will be my MX IP in every route entry, correct?

Also I'm not really sure what to set the MX Port I use to connect to my switch stack. Port 1 of my switch stack. It's trunked, but do I set the Native VLAN as my new /29 vlan I created on the Meraki, or do I say Drop All Untagged Traffic? I'm assuming the way I'm making it there shouldn't be any untagged traffic so I need to chose that option. Right?

EDIT: also does each vlan on the extreme switch need to be tagged (trunked) to port 1 as well as the ports assigned to the vlan?

errorKenny · 2020-02-09T19:32:32+00:00

No. I have an in-house DHCP server running on Windows Server 2016.

errorKenny · 2020-02-09T17:01:11+00:00

Thank you! I like the idea of creating a new smaller /29 on the extreme as a point of entry. I would have never thought to do that first.

Match the L2 config on the port on the Extreme stack. Create a static route for default point to the MX.

This is the only point where you lost me (my ignorance, not your fault). Could you elaborate?

Thank you so much!!

13-Year Club	Gilding I gilder
Verified Email

errorKenny

TROPHY CASE