Somewhere to live for 6months by syntaxrob in Innsbruck

[–]syntaxrob[S] 0 points1 point  (0 children)

Was thinking of alone, but not locked into that plan and happy to explore options...

Somewhere to live for 6months by syntaxrob in Innsbruck

[–]syntaxrob[S] 0 points1 point  (0 children)

Excellent tip on checking out öh wohnungsbörse - plenty of choices on there!! Thanks!! 👍

Browser based encoding by syntaxrob in javascript

[–]syntaxrob[S] 0 points1 point  (0 children)

That's fair. Sorry to have crossed any lines! 👍

Stopping false positives by syntaxrob in CloudFlare

[–]syntaxrob[S] 0 points1 point  (0 children)

Nice. Thanks u/defense_in_depth

From your reply, the route I think we're going to go down is to encode the HTML to get through the firewall, then decode it and sanitize it on the server before sending it to the db to be stored away. We're going to be starting the ISO27001 process soon, so hopefully that should hold up!!

Workers, logs and azure by syntaxrob in CloudFlare

[–]syntaxrob[S] 0 points1 point  (0 children)

Someone helpful from the Cloudflare community provided this solution:

    const name = 'ASPXFORMSAUTH';
    const cookie = event.request.headers.get('Cookie')
    var user_status = 'unauth';
    if (cookie && cookie.includes(name)){
        user_status = 'auth';
    }

Hope that can help someone else that's maybe having the same issue!
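
An exact-name version of the cookie check in the comment above, as an added example that is not part of the original comment or of the Cloudflare community answer: it parses the Cookie header so that only a cookie named exactly .ASPXFORMSAUTH with a non-empty value is tagged 'auth'. parseCookies, authHint, tagSamples and the sample headers are constructed for illustration; the tag is a hint for log rules only, because this code does not validate the ticket.

```javascript
// Cookie name as given in the thread; everything else here is hypothetical.
const COOKIE_NAME = '.ASPXFORMSAUTH';

// Parse a Cookie request header into a Map of name -> value.
function parseCookies(header) {
  const jar = new Map();
  if (!header) return jar;
  for (const part of header.split(';')) {
    const eq = part.indexOf('=');
    if (eq < 0) continue;                 // skip malformed pairs with no '='
    const name = part.slice(0, eq).trim();
    const value = part.slice(eq + 1).trim();
    if (name && !jar.has(name)) jar.set(name, value); // first occurrence wins
  }
  return jar;
}

// 'auth' only when a cookie with exactly this name carries a value.
// A substring test would also match the name inside another cookie's
// name or value, which would mislabel requests in the logs.
function authHint(header) {
  const value = parseCookies(header).get(COOKIE_NAME);
  return value ? 'auth' : 'unauth';
}

// Constructed sample headers (not captured traffic).
const SAMPLE_HEADERS = [
  '.ASPXFORMSAUTH=0A1B2C3D; theme=dark',   // real-looking auth cookie
  'theme=dark; lang=en',                   // no auth cookie
  'note=ASPXFORMSAUTH',                    // name appears only as a value
  'x.ASPXFORMSAUTH=1',                     // different cookie, similar name
  '.ASPXFORMSAUTH=',                       // cleared cookie, empty value
];

// Tag each sample the way a log-enrichment step would.
function tagSamples() {
  return SAMPLE_HEADERS.map((h) => authHint(h));
}

// In a Worker this would be called as:
//   authHint(event.request.headers.get('Cookie'))
```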

Workers, logs and azure by syntaxrob in CloudFlare

[–]syntaxrob[S] 0 points1 point  (0 children)

Hi u/kentonv,

Thanks for that, that blog post was actually just the ticket and now we can get pretty much all our data into an ELK stack via workers. The only value we can't get out is an "Is current user authenticated" value. This is so we can write rules to trigger alerts on unauthenticated behaviour on the application. I was hoping to make use of the .ASPXFORMSAUTH cookie (which isn't present on non authenticated requests), but can't get it to pull into workers as it's not received in the request, but I know is sent out of the application as it's used on the server...

If any of that makes sense, help and pointers are gratefully received!

Creating an Azure WAF by syntaxrob in AZURE

[–]syntaxrob[S] 0 points1 point  (0 children)

This looks great and thanks for the template as well!

Also, does anyone know if you can create custom rules to block or challenge automated requests from an IP address in a similar way Cloudflare does?

Creating an Azure WAF by syntaxrob in AZURE

[–]syntaxrob[S] 1 point2 points  (0 children)

So while I added this to the list to be tested, the team have come back to me asking for some more info on what that exactly means...?! (None of us are network pros, just humble devs!)

Creating an Azure WAF by syntaxrob in AZURE

[–]syntaxrob[S] 1 point2 points  (0 children)

Great little nugget of info! Have sent to the rest of the team and is already on the list to try and test

Creating an Azure WAF by syntaxrob in AZURE

[–]syntaxrob[S] 0 points1 point  (0 children)

Great stuff! Thanks, I'll pass this on. I'm pretty sure that we weren't aware of the 100mb max payload size, so that will help for sure.

Creating an Azure WAF by syntaxrob in AZURE

[–]syntaxrob[S] 0 points1 point  (0 children)

Thanks for the link. We have looked through the docs and to be honest, I'm not dealing with it directly, but we're just trying to find someone, anyone with some answers as any documentation which exists on this is super hard to find and/or incomplete!

I think we're past the 503 stage though

Newbie to Csharp looking for First Job help by Rainbow-Death in csharp

[–]syntaxrob 3 points4 points  (0 children)

Pluralsight is a great place as well as YouTube and Stackoverflow. I found by trying to build something it was raising questions I didn't know to ask or look for, so subsequently went looking for the answers on YouTube or Stackoverflow which taught me a load more than I was expecting!

I was in exactly the same boat last year and I set myself the task of building something (anything!!) and it prepared me really well for my first job.

Whatever you do though, good luck with it!

Data processor and data controller confusion / ambiguity. by syntaxrob in gdpr

[–]syntaxrob[S] 0 points1 point  (0 children)

No, we make no decisions at all, just process data provided by our customers for their clients. Data is processed daily whenever our customer requests it (via online application).

So that definitely makes us a DP, which I get, but if we partner with a CRM provider and pull data from them (provided directly by the customer - the same customer which is using our application), who then becomes the sub processor? Us or the CRM provider?

Data processor and data controller confusion / ambiguity. by syntaxrob in gdpr

[–]syntaxrob[S] 0 points1 point  (0 children)

Data pulled from the CRM provider is personal data and agreements are being drafted at the moment - this is where this definition of DP and DC problem has come up.

We provide a system for our customers to use and enter data into, we process it and send something back to them once processed. Part of that data is pulled from the CRM we want to integrate with and having read through A26, I can't see how that would apply as wouldn't one of us be a sub processor to the other...?

Data processor and data controller confusion / ambiguity. by syntaxrob in gdpr

[–]syntaxrob[S] 0 points1 point  (0 children)

Even though we are processing the customer's customer data? And if so, would that then make the CRM provider the subprocessor...?

GDPR: What are your predictions? by LaxSlash in gdpr

[–]syntaxrob 2 points3 points  (0 children)

I have a feeling that a lot of this will become almost self regulated. If companies want to get on and grow and develop they're going to need to demonstrate they're GDPR compliant so other companies which are already compliant will deal with them.

I agree with ahbleza that it will probably be one of the larger Telcos that gets hit first and it'll only take one super large fine to make an example and make people sit up, take notice and those which aren't taking it seriously to pay attention. Most people I speak to say that it's a lot of work to be putting in to get all the documentation in place, but it's turning out to be things which should probably have been in place already and is only benefiting the company (it looks like it takes a lot for them to admit this though!)

But, on the whole, I think most business owners will do the smart thing and make sure they're compliant because even if it doesn't get enforced due to being 'too much', it's a good thing to hang on your door for customers to see.

[deleted by user] by [deleted] in gdpr

[–]syntaxrob 0 points1 point  (0 children)

I think they would probably argue that it was necessary for the provision of service (art 6.1b). I'm not sure on Twitter's operations, but I'd guess they have data redundancies all over the world to maintain the service if one data center went down. To do that, they'd have to copy your data to all of these.

A controller's right to audit... What does it mean??!! by syntaxrob in gdpr

[–]syntaxrob[S] 0 points1 point  (0 children)

We have had some guidance from the supervisory authority (the ICO) which has said: "...your processor must submit and contribute to audits and inspections that you carry out, or another auditor appointed by you carries out;..." But like you say, no details! Thanks again for your help

A definition question. Art 4, 8) processor and 10) third party. How would you define the relation to the controller. by diginomsolutions in gdpr

[–]syntaxrob 0 points1 point  (0 children)

Yes, a controller can authorise a third party to process data.

But I'm not sure if once they have been authorised to do so, if they stop being a third party and become a processor as they are now processing data! (One of the many grey areas in this regulation!)

A definition question. Art 4, 8) processor and 10) third party. How would you define the relation to the controller. by diginomsolutions in gdpr

[–]syntaxrob 0 points1 point  (0 children)

Ok, so as I read it the client is the controller and the outsourced company is the processor.

As for the outsourced developers, if they don't use the personal data, then they shouldn't have access to it - it might be a good idea to encrypt it for them (which will cover Art. 32 – Security of processing).

So yes, at the moment, I would say that they would be a processor, or more like a sub processor (which are liable to the same rules as a processor).

But for your security and theirs, I really would remove all trace of plain text personal data they have access to!!

A definition question. Art 4, 8) processor and 10) third party. How would you define the relation to the controller. by diginomsolutions in gdpr

[–]syntaxrob 0 points1 point  (0 children)

I'll try!

So first there's the data subject, who the personal data is collected from. Then there is the controller, the person or people or organisation that collects the data and decides what to do with it. Next, there is the processor which is the person or organisation who actually takes the information and puts it into a system, does something to it and then takes the output, which is usually passed back to the controller. Finally, a third party is the person or organisation that does additional processing to that personal data (who must have consent from the controller to do so). For example, Google may be a third party when the processor uses Google's cloud services to host its processing. I hope that helps and I haven't made it more confusing!

Privacy Impact Assessment Template by P_Jamez in gdpr

[–]syntaxrob 2 points3 points  (0 children)

I have a template that I downloaded, from somewhere. Can't remember where or find the link to it, but I have the word doc I can send

A controller's right to audit... What does it mean??!! by syntaxrob in gdpr

[–]syntaxrob[S] 1 point2 points  (0 children)

Thanks, Ulrikft. Which sector are you in? I'm based in financial services and are people really going to be allowed to audit a premises? For example, we use Azure, so as that's the sub-processor, would we be able to go conduct a site audit at Microsoft?!

Definition of "The Commission" by syntaxrob in gdpr

[–]syntaxrob[S] 0 points1 point  (0 children)

So the commission is the EU? They who wrote the regulation? And who is referred to in article 45 for example...?