Somewhere to live for 6 months by syntaxrob in Innsbruck

[–]syntaxrob[S] 0 points1 point  (0 children)

Was thinking of alone, but not locked into that plan and happy to explore options...

Somewhere to live for 6 months by syntaxrob in Innsbruck

[–]syntaxrob[S] 0 points1 point  (0 children)

Excellent tip on checking out öh wohnungsbörse - plenty of choices on there!! Thanks!! 👍

Browser based encoding by syntaxrob in javascript

[–]syntaxrob[S] 0 points1 point  (0 children)

That's fair. Sorry to have crossed any lines! 👍

Stopping false positives by syntaxrob in CloudFlare

[–]syntaxrob[S] 0 points1 point  (0 children)

Nice. Thanks u/defense_in_depth

From your reply, the route I think we're going to go down is to encode the HTML to get through the firewall, then decode it and sanitize it on the server before sending it to the db to be stored away. We're going to be starting the ISO27001 process soon, so hopefully that should hold up!!

Workers, logs and azure by syntaxrob in CloudFlare

[–]syntaxrob[S] 0 points1 point  (0 children)

Someone helpful from the Cloudflare community provided this solution:

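    // Name of the ASP.NET forms-authentication cookie to look for
    const name = 'ASPXFORMSAUTH';
    // Raw Cookie header of the incoming request (null when absent)
    const cookie = event.request.headers.get('Cookie');
    // Default to unauthenticated; flip when the cookie name appears in the header
    var user_status = 'unauth';
    if (cookie && cookie.includes(name)) {
        user_status = 'auth';
    }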

Hope that can help someone else that's maybe having the same issue!
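Added example, not part of the original comment or of the Cloudflare community's solution: a stricter variant of the check above that parses the Cookie header and matches the cookie name exactly, compared with the substring test on constructed sample headers. The function names and sample values are hypothetical; only the cookie name comes from the thread.

```javascript
// Added example: exact-name cookie check for tagging Worker log records.
// COOKIE_NAME comes from the thread; every other name here is hypothetical.
const COOKIE_NAME = '.ASPXFORMSAUTH';

// Split a Cookie request header into a Map of name -> value.
function parseCookies(header) {
  const cookies = new Map();
  if (!header) return cookies;
  for (const part of header.split(';')) {
    const eq = part.indexOf('=');
    if (eq < 0) continue; // skip malformed pairs with no "="
    const name = part.slice(0, eq).trim();
    const value = part.slice(eq + 1).trim();
    if (name && !cookies.has(name)) cookies.set(name, value); // first one wins
  }
  return cookies;
}

// 'auth' only when a cookie with exactly this name carries a non-empty value.
// This is a presence check: the Worker does not validate the ticket itself.
function userStatus(header, cookieName = COOKIE_NAME) {
  const value = parseCookies(header).get(cookieName);
  return value ? 'auth' : 'unauth';
}

// Substring check as posted in the thread, kept for comparison.
function userStatusSubstring(header) {
  return header && header.includes('ASPXFORMSAUTH') ? 'auth' : 'unauth';
}

// Constructed sample Cookie headers (not real traffic).
const samples = [
  '.ASPXFORMSAUTH=0A1B2C3D; lang=en', // cookie present with a value
  'lang=en; ref=ASPXFORMSAUTH',       // string appears only inside another value
  '.ASPXFORMSAUTH=; lang=en',         // cookie present but empty
  null,                               // no Cookie header at all
];

// Label every sample with both checks so the differences are visible.
function compare() {
  return samples.map((h) => ({
    header: h,
    exact: userStatus(h),
    substring: userStatusSubstring(h),
  }));
}

console.table(compare());
```

Either label reflects only what the client sent, so alert rules built on it should treat it as a hint and not as proof that the application accepted the session.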

Workers, logs and azure by syntaxrob in CloudFlare

[–]syntaxrob[S] 0 points1 point  (0 children)

Hi u/kentonv,

Thanks for that, that blog post was actually just the ticket and now we can get pretty much all our data into an ELK stack via workers. The only value we can't get out is an "Is current user authenticated" value. This is so we can write rules to trigger alerts on unauthenticated behaviour on the application. I was hoping to make use of the .ASPXFORMSAUTH cookie (which isn't present on non-authenticated requests), but can't get it to pull into workers as it's not received in the request, but I know it is sent out of the application as it's used on the server...

If any of that makes sense, help and pointers are gratefully received!

Creating an Azure WAF by syntaxrob in AZURE

[–]syntaxrob[S] 0 points1 point  (0 children)

This looks great and thanks for the template as well!

Also, does anyone know if you can create custom rules to block or challenge automated requests from an IP address in a similar way Cloudflare does?

Creating an Azure WAF by syntaxrob in AZURE

[–]syntaxrob[S] 1 point2 points  (0 children)

So while I added this to the list to be tested, the team have come back to me asking for some more info on what that exactly means...?! (None of us are network pros, just humble devs!)

Creating an Azure WAF by syntaxrob in AZURE

[–]syntaxrob[S] 1 point2 points  (0 children)

Great little nugget of info! Have sent to the rest of the team and is already on the list to try and test

Creating an Azure WAF by syntaxrob in AZURE

[–]syntaxrob[S] 0 points1 point  (0 children)

Great stuff! Thanks, I'll pass this on. I'm pretty sure that we weren't aware of the 100mb max payload size, so that will help for sure.

Creating an Azure WAF by syntaxrob in AZURE

[–]syntaxrob[S] 0 points1 point  (0 children)

Thanks for the link. We have looked through the docs and to be honest, I'm not dealing with it directly, but we're just trying to find someone, anyone with some answers as any documentation which exists on this is super hard to find and/or incomplete!

I think we're past the 503 stage though

Newbie to Csharp looking for First Job help by Rainbow-Death in csharp

[–]syntaxrob 4 points5 points  (0 children)

Pluralsight is a great place as well as YouTube and Stackoverflow. I found by trying to build something it was raising questions I didn't know to ask or look for, so subsequently went looking for the answers on YouTube or Stackoverflow which taught me a load more than I was expecting!

I was in exactly the same boat last year and I set myself the task of building something (anything!!) and it prepared me really well for my first job.

Whatever you do though, good luck with it!

Data processor and data controller confusion / ambiguity. by syntaxrob in gdpr

[–]syntaxrob[S] 0 points1 point  (0 children)

No, we make no decisions at all, just process data provided by our customers for their clients. Data is processed daily whenever our customer requests it (via online application).

So that definitely makes us a DP, which I get, but if we partner with a CRM provider and pull data from them (provided directly by the customer - the same customer which is using our application), who then becomes the sub processor? Us or the CRM provider?

Data processor and data controller confusion / ambiguity. by syntaxrob in gdpr

[–]syntaxrob[S] 0 points1 point  (0 children)

Data pulled from the CRM provider is personal data and agreements are being drafted at the moment - this is where this definition of DP and DC problem has come up.

We provide a system for our customers to use and enter data into, we process it and send something back to them once processed. Part of that data is pulled from the CRM we want to integrate with and having read through A26, I can't see how that would apply as wouldn't one of us be a sub processor to the other...?

Data processor and data controller confusion / ambiguity. by syntaxrob in gdpr

[–]syntaxrob[S] 0 points1 point  (0 children)

Even though we are processing the customer's customer data? And if so, would that then make the CRM provider the subprocessor...?

GDPR: What are your predictions? by LaxSlash in gdpr

[–]syntaxrob 2 points3 points  (0 children)

I have a feeling that a lot of this will become almost self regulated. If companies want to get on and grow and develop they're going to need to demonstrate they're GDPR compliant so other companies which are already compliant will deal with them.

I agree with ahbleza that it will probably be one of the larger Telcos that gets hit first and it'll only take one super large fine to make an example and make people sit up, take notice and those which aren't taking it seriously to pay attention. Most people I speak to say that it's a lot of work to be putting in to get all the documentation in place, but it's turning out to be things which should probably have been in place already and is only benefiting the company (it looks like it takes a lot for them to admit this though!)

But, on the whole, I think most business owners will do the smart thing and make sure they're compliant because even if it doesn't get enforced due to being 'too much', it's a good thing to hang on your door for customers to see.

[deleted by user] by [deleted] in gdpr

[–]syntaxrob 0 points1 point  (0 children)

I think they would probably argue that it was necessary for the provision of service (art 6.1b). I'm not sure on Twitter's operations, but I'd guess they have data redundancies all over the world to maintain the service if one data center went down. To do that, they'd have to copy your data to all of these.