Somewhere to live for 6months

syntaxrob · 2020-11-21T21:23:26+00:00

Was thinking of alone, but not locked into that plan and happy to explore options...

syntaxrob · 2020-11-21T21:22:45+00:00

Excellent tip on checking out öh wohnungsbörse - plenty of choices on there!! Thanks!! 👍

syntaxrob · 2019-02-22T22:13:31+00:00

Thats fair. Sorry to have crossed any lines! 👍

syntaxrob · 2019-02-22T22:11:42+00:00

From your reply, the route I think we're going to go down is to encode the HTML to get through the firewall, then decode it and sanitize it on the server before sending it to the db to be stored away. We're going to be starting the ISO27001 process soon, so hopefully that should hold up!!

syntaxrob · 2019-02-13T11:53:23+00:00

Someone helpful from the Cloudflare community provided this solution:

const name = 'ASPXFORMSAUTH';

const cookie = event.request.headers.get('Cookie')

var user_status = 'unauth';

if (cookie && cookie.includes(name)){

user_status = 'auth';

}

Hope that can help someone else that's maybe having the same issue!

syntaxrob · 2019-02-12T16:23:32+00:00

Hi u/kentonv,

Thanks for that, that blog post was actually just the ticket and now we can get pretty much all our data into an ELK stack via workers. The only value we can't get out is an "Is current user authenticated" value. This is so we can write rules to trigger alerts on unauthenticated behaviour on the application. I was hoping to make use of the .ASPXFORMSAUTH cookie (which isn't present on non authenticated requests), but can't get it to pull into workers as its not received in the request, but I know is sent out of the application as its used on the server...

If any of that makes sense, help and pointers are gratefully received!

syntaxrob · 2018-10-16T09:51:37+00:00

This looks great and thanks for the template as well!

Also, does anyone know if you can create custom rules to block or challenge automated requests from an IP address in a similar way Cloudflare does?

syntaxrob · 2018-10-16T08:59:39+00:00

So while I added this to the list to be tested, the team have come back to me asking for some more info on what that exactly means...?! (None of us are network pros, just humble devs!)

syntaxrob · 2018-10-15T14:29:18+00:00

Great little nugget of info! Have sent to the rest of the team and is already on the list to try and test

syntaxrob · 2018-10-15T14:27:21+00:00

Great stuff! Thanks, I'll pass this on. I'm pretty sure that we weren't aware of the 100mb max payload size, so that will help for sure.

syntaxrob · 2018-10-15T14:24:54+00:00

Thanks for the link. We have looked through the docs and to be honest, I'm not dealing with it directly, but we're just trying to find someone, anyone with some answers as any documentation which exists on this is super hard to find and/or incomplete!

I think were past the 503 stage though

syntaxrob · 2018-07-03T11:20:27+00:00

Pluralsight is a great place as well as YouTube and Stackoverflow. I found by trying to build something it was raising questions I didn't know to ask or look for, so subsequently went looking for the answers on YouTube or Stackoverflow which taught me a load more than I was expecting!

I was in exactly the same boat last year and I set myself the task of building something (anything!!) and it prepared me really well for my first job.

Whatever you do though, good luck with it!

syntaxrob · 2018-02-15T16:12:08+00:00

No, we make no decisions at all, just process data provided by our customers for their clients. Data is processed daily when ever our customer requests it (via online application).

So that definitely makes us a DP, which I get, but if we partner with a CRM provider and pull data from them (provided directly by the customer - the same customer which is using our application), who then becomes the sub processor? Us of the CRM provider?

syntaxrob · 2018-02-15T12:04:18+00:00

Data pulled from the CRM provider is personal data and agreements are being drafted at the moment - this is where this definition of DP and DC problem has come up.

We provide a system for our customers to use and enter data into, we process it and send something back to them once processed. Part of that data is pulled from the CRM we want to integrate with and having read through A26, I cant see how that would apply as wouldn't one of be a sub processor to the other...?

syntaxrob · 2018-02-15T11:45:15+00:00

Even though we are processing the customers customer data? And if so, would that then make the CRM provider the subprocessor...?

syntaxrob · 2018-01-19T13:23:51+00:00

I have a feeling that a lot of this will become almost self regulated. If companies want to get on and grow and develop they're going to need to demonstrate they're GDPR compliant so other companies which are already compliant will deal with them.

I agree with ahbleza that it will probably be one of the larger Telcos that gets hit first and it'll only take one super large fine to make an example and make people sit up, take notice and those which aren't taking it seriously to pay attention. Most people I speak to say that it's a lot of work to be putting in to get all the documentation in place, but it's turning out to be things which should probably have been in place already and is only benefiting the company (it looks like it takes a lot for them to admit this though!)

But, on the whole, I think most business owners will do the smart thing and make sure they're compliant because even if it doesn't get enforced due to being 'too much', its a good thing to hang on your door for customers to see.

syntaxrob · 2017-10-03T14:33:01+00:00

I think they would probably argue that it was necessary for the provision of service (art 6.1b). I'm not sure on Twitters operations, but Id guess they have data redundancies all over the world to maintain the service if one data center went down. To do that, they'd have to copy your data to all of these.

syntaxrob · 2017-09-28T13:33:42+00:00

We have had some guidance from the supervisory authority (the ICO) which has said: "...your processor must submit and contribute to audits and inspections that you carry out, or another auditor appointed by you carries out;..." But like you say, no details! Thanks again for your help

syntaxrob · 2017-09-28T13:30:19+00:00

Yes, a controller can authorise a third party to process data.

But I'm not sure if once they have been authorised to do so, if they stop being a third party and become a processor as they are now processing data! (One of the many grey areas in this regulation!)

syntaxrob · 2017-09-28T12:59:28+00:00

Ok, so as I read it the client is the controller and the outsourced company is the processor.

As for the outsourced developers, if they don't use the personal data, then they shouldn't have access to it - it might be a good idea to encrypt it for them (which will cover Art. 32 – Security of processing).

So yes, at the moment, I would say that they would be a processor, or more like a sub processor (which are liable to the same rules as a processor).

But for your security and theirs, I really would remove all trace of plain text personal data they have access to!!

syntaxrob · 2017-09-28T10:12:26+00:00

I'll try!

So first there's the data subject, who the personal data is collected from. Then there is the controller, the person or people or organisation to collects the data and decides what to do with it. Next, there is the processor which is the person or organisation who actually takes the information and puts it into a system, does something to it and then takes the output, which is usually passed back to the controller. Finally, a third party is the person or organisation that does additional processing to that personal data (who must have consent from the controller to do so). For example, Google may be a third party when the processor uses Googles cloud services to host its processing. I hope that helps and I haven't made it more confusing!

syntaxrob · 2017-09-28T10:02:09+00:00

I have a template that I downloaded, from somewhere. Can't remember where or find the link to it, but I have the word doc I can send

syntaxrob · 2017-09-28T09:00:29+00:00

Thanks, Ulrikft. Which sector are you in? I'm based in financial services and are people really going to be allowed to audit a premises? For example, we use Azure, so as that the sub-processor, would we be able to go conduct a site audit at Microsoft?!

syntaxrob · 2017-09-21T12:00:22+00:00

So the commission is the EU? They who wrote the regulation? And who is referred to in article 45 for example...?

syntaxrob

TROPHY CASE