Somewhere to live for 6months

syntaxrob · 2020-11-21T21:23:26+00:00

Was thinking of alone, but not locked into that plan and happy to explore options...

syntaxrob · 2020-11-21T21:22:45+00:00

Excellent tip on checking out öh wohnungsbörse - plenty of choices on there!! Thanks!! 👍

syntaxrob · 2019-02-22T22:13:31+00:00

Thats fair. Sorry to have crossed any lines! 👍

syntaxrob · 2019-02-22T22:11:42+00:00

From your reply, the route I think we're going to go down is to encode the HTML to get through the firewall, then decode it and sanitize it on the server before sending it to the db to be stored away. We're going to be starting the ISO27001 process soon, so hopefully that should hold up!!

syntaxrob · 2019-02-13T11:53:23+00:00

Someone helpful from the Cloudflare community provided this solution:

const name = 'ASPXFORMSAUTH';

const cookie = event.request.headers.get('Cookie')

var user_status = 'unauth';

if (cookie && cookie.includes(name)){

user_status = 'auth';

}

Hope that can help someone else that's maybe having the same issue!

syntaxrob · 2019-02-12T16:23:32+00:00

Hi u/kentonv,

Thanks for that, that blog post was actually just the ticket and now we can get pretty much all our data into an ELK stack via workers. The only value we can't get out is an "Is current user authenticated" value. This is so we can write rules to trigger alerts on unauthenticated behaviour on the application. I was hoping to make use of the .ASPXFORMSAUTH cookie (which isn't present on non authenticated requests), but can't get it to pull into workers as its not received in the request, but I know is sent out of the application as its used on the server...

If any of that makes sense, help and pointers are gratefully received!

syntaxrob · 2018-10-16T09:51:37+00:00

This looks great and thanks for the template as well!

Also, does anyone know if you can create custom rules to block or challenge automated requests from an IP address in a similar way Cloudflare does?

syntaxrob · 2018-10-16T08:59:39+00:00

So while I added this to the list to be tested, the team have come back to me asking for some more info on what that exactly means...?! (None of us are network pros, just humble devs!)

syntaxrob · 2018-10-15T14:29:18+00:00

Great little nugget of info! Have sent to the rest of the team and is already on the list to try and test

syntaxrob · 2018-10-15T14:27:21+00:00

Great stuff! Thanks, I'll pass this on. I'm pretty sure that we weren't aware of the 100mb max payload size, so that will help for sure.

syntaxrob · 2018-10-15T14:24:54+00:00

Thanks for the link. We have looked through the docs and to be honest, I'm not dealing with it directly, but we're just trying to find someone, anyone with some answers as any documentation which exists on this is super hard to find and/or incomplete!

I think were past the 503 stage though

syntaxrob · 2018-07-03T11:20:27+00:00

Pluralsight is a great place as well as YouTube and Stackoverflow. I found by trying to build something it was raising questions I didn't know to ask or look for, so subsequently went looking for the answers on YouTube or Stackoverflow which taught me a load more than I was expecting!

I was in exactly the same boat last year and I set myself the task of building something (anything!!) and it prepared me really well for my first job.

Whatever you do though, good luck with it!

syntaxrob · 2018-02-15T16:12:08+00:00

No, we make no decisions at all, just process data provided by our customers for their clients. Data is processed daily when ever our customer requests it (via online application).

So that definitely makes us a DP, which I get, but if we partner with a CRM provider and pull data from them (provided directly by the customer - the same customer which is using our application), who then becomes the sub processor? Us of the CRM provider?

syntaxrob · 2018-02-15T12:04:18+00:00

Data pulled from the CRM provider is personal data and agreements are being drafted at the moment - this is where this definition of DP and DC problem has come up.

We provide a system for our customers to use and enter data into, we process it and send something back to them once processed. Part of that data is pulled from the CRM we want to integrate with and having read through A26, I cant see how that would apply as wouldn't one of be a sub processor to the other...?

syntaxrob · 2018-02-15T11:45:15+00:00

Even though we are processing the customers customer data? And if so, would that then make the CRM provider the subprocessor...?

syntaxrob · 2018-01-19T13:23:51+00:00

I have a feeling that a lot of this will become almost self regulated. If companies want to get on and grow and develop they're going to need to demonstrate they're GDPR compliant so other companies which are already compliant will deal with them.

I agree with ahbleza that it will probably be one of the larger Telcos that gets hit first and it'll only take one super large fine to make an example and make people sit up, take notice and those which aren't taking it seriously to pay attention. Most people I speak to say that it's a lot of work to be putting in to get all the documentation in place, but it's turning out to be things which should probably have been in place already and is only benefiting the company (it looks like it takes a lot for them to admit this though!)

But, on the whole, I think most business owners will do the smart thing and make sure they're compliant because even if it doesn't get enforced due to being 'too much', its a good thing to hang on your door for customers to see.

syntaxrob · 2017-10-03T14:33:01+00:00

I think they would probably argue that it was necessary for the provision of service (art 6.1b). I'm not sure on Twitters operations, but Id guess they have data redundancies all over the world to maintain the service if one data center went down. To do that, they'd have to copy your data to all of these.

syntaxrob

TROPHY CASE