heldercervantes

About heldercervantes

  • Rank
    Sr. Member

Contact Methods

  • Website URL
    http://heldercervantes.com

Profile Information

  • Gender
    Male
  • Location
    Porto, Portugal

  1. heldercervantes

    I have also on occasion tweaked the styles for the markers, so that the active one is opaque and the others transparent. That helps when you have a bunch of them close together.
  2. heldercervantes

    Sorry this is going to be vague but... I've hacked it to support floats in some projects. It's not too hard. Just had to look in the module's code where the fields are defined and it's relatively easy to find the INT and change it to float. You may have to do the same in the DB as well. Takes some fiddling. I wish I could be more specific, but after formatting my machine I'd have to go through a bunch of backups to find actual code.
  3. heldercervantes

    Hey guys. Fresh off the oven. We're still polishing a bit, but went live anyway: https://inovtex.com/ Sorry this one is in Portuguese only, so you'll probably need the old Google Translate for it.
  4. heldercervantes

    Yep, that's exactly the behavior I was looking for. Time to get experimenting. Thank you all.
  5. heldercervantes

    Hey there. Anyone know of a clever approach to illustrate an options field with an image? I often do modular content editors using a repeater and an options field for the type of block. The repeater has all fields, and each field's visibility is configured so it appears only when it's relevant to the chosen block type. This is cool, allows a lot of flexibility, but on more complex solutions I sometimes find that the admin could benefit from seeing an image that illustrates the option that's chosen. Kind of like the theme choosing step when you install PW. Any ideas on how to do something like this? Thanks
  6. heldercervantes

    Yup. Add /wp-admin to the URL and you're in the login screen. They made some design changes. Maybe whoever did it was more comfortable in WP?
  7. heldercervantes

    Disclaimer: Complete noob in security here. So, at the risk of sounding silly, would it make sense to keep the key in a different server? I mean, if the site's server is compromised, the key would be visible in the code. So, I'm thinking the key could be stored in a different server that's "completely airtight", and the only thing it does is listen to a key request from the main site's server, checks the IP and lends it the key. So any site scripts that needed to handle an encrypted field would have to make that request first. Does this make sense? Or would a breach where someone can access the DB + PHP files be so far gone that they'd also easily make the server request and expose the key?
  8. heldercervantes

    Well, encryption per se is not mandatory, but "Data protection by design" is: https://gdpr-info.eu/art-25-gdpr/ They give leeway to choose an approach, but ask us to do something about it and not just leave the info lying around for easy picking. Since pseudonymization is too complex for small to medium projects, I'd say our best bet would be on encrypting sensitive info like emails, names, id numbers, phones and addresses. As far as the things we build, there shouldn't be much hassle. Unless you're building apps that store medical records or something like that.
  9. heldercervantes

    Well I just finished writing up the privacy policy for my site. That was a handful. Yeah, information backups will have to be considered carefully. Or just don't do backups like most people. Now, about personal data anonymization and pseudonymization. What can we do in a PW installation to comply? Can something be made to automatically encrypt PW users' data or pseudonymize it? This particular part of the requirements is what's driving me crazy.
  10. heldercervantes

    It doesn't necessarily have to be an expensive thing. Most small businesses' websites don't require personal information from their users. Right now I'm looking at a list of 20 sites I've built last year and only 3 or 4 store users' emails. No biggie there. Look at these guys' contact page and the privacy policy they have. It's a great reference for most cases. Now if you do store data, you'll have to be careful. I don't want to have something in the privacy policy like they have: "This data is currently stored in an identifiable fashion; a limitation of the content management system that this website is build on (WordPress). Pseudonymisation, meaning that the personal data can no longer be attributed to a specific user without the use of additional, separately stored information (key), is a requirement of the GDPR which many web application developers are currently working to fully implement. We are committed to implement it on our website as soon as we are able to."
  11. heldercervantes

    By the way, has anyone seen a website that already takes steps to comply with this? I'm seeing a page for a webinar on the subject with a registration form and no consent warning or even privacy policy link anywhere. I'm clicking Google ads for companies selling consulting services that don't seem to have anything in place either.
  12. heldercervantes

    Yes, but... As a web developer that's hired to build a website and hand over the key, we can only answer for the job we did then. Unless we're hired to keep an eye on the site and keep it secure over time. This will eventually create new business opportunities for us and others. Already I'm reconsidering projects I'm working on and negotiating. I'm also looking at my previous projects to see which will need what, and of course those will need updating. Security companies will start selling this service, and probably hiring guns in the black market to poke people's websites and spread fear. I'm guessing even lawyers can start selling advice on what a site needs to ensure. At some point they need to register, and at that point your visitor will have to check that acceptance box. Once that's done they're considered informed and you shouldn't need to ask for acceptance again. In an extreme scenario, that could even be the first step of the form. "You're about to enter a form that requires personal data. Before proceeding please read our privacy policy." I don't think it necessarily needs to be a checkbox, as long as it's absolutely clear. You just have to make sure your visitor is warned and is presented an opportunity to read the terms before any of their data is submitted.
  13. heldercervantes

    That's the whole point of this thread. I don't think there necessarily needs to be a plugin for outputting legal stuff. Considering the basic contact form, there should be a privacy policy page somewhere that describes what happens to the data, and we have some guidance for writing that up here: https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/principles-gdpr/what-information-must-be-given-individuals-whose-data-collected_en. But that's our clients' responsibility, not ours. Of course, this will vary greatly from site to site. It's not the same as the cookie consent message. The company has to describe exactly what they will do with the information and how long they'll keep it. We should also add the "I accept the terms of this site's privacy policy" checkbox on any forms that ask for private data, and the words "privacy policy" linking to the page where it's all described. There shouldn't be a problem stating that the form submits the data to our email for appropriate response, that no data is stored permanently on our servers, and should you require the right to be forgotten, please submit your request to the email xxx. This and all the rest that's stated in the link above. But so far this isn't more than a disclaimer and examples will start popping up everywhere on the web in no time. What worries me more is when the data stays in our PW. If the server is hacked and info is leaked, there can be an investigation that will evaluate how careful we were with the way we've built the site. They mention database encryption, security by design, and keeping the data for the least possible time. For me this is where one or two new modules may come in handy. Not keeping the CMS updated can theoretically burn someone. Example: We have a jobs form that stores a user's CV. In a year that CV will be outdated and would serve no use. A module that automatically manages that content's (page) date of expiration and deletion could be useful. Another example: A site that has a private area that a user can register to gain access to. After X months without logging in, the data is deleted. Maybe even notify the person that it will happen unless they log in before day X. Doesn't sound too complex to do. Now, security by design... I'm clueless. I saw a mention of stuff like scattering personal data in more than one DB and only by comparing a blind ID you can tie the info together. I can see the coolness, but can't see it as something viable for smallish sites.
  14. heldercervantes

    It's aimed at protecting EU citizens' privacy and therefore I don't know if you'd be able to take a dispute to court. Yesterday I read somewhere that there was the worry that storing info on the cloud could mean that it's not in a server within the EU jurisdiction. I bet this will mean companies like Google and Facebook are forced to have European users' data in a European datacenter and comply with these rules.
  15. heldercervantes

    It seems it does and doesn't. Basically any and all personal information, including something as simple as someone's name and email is a potential liability. So imagine you have a contact form, and just to be safe that form doesn't generate an email with all the info, but only a notification. You then log in to PW, see someone asking for an estimate, and how do you contact that person? Send an email and set a reminder to delete the Word document with the proposal and the email from the sent folder in case that person rejects the proposal or doesn't answer in 2 weeks? I'm seeing articles saying that internal emails are now a dangerous thing. Companies have to set up policies for managing information that safeguards it from a hacked email account, a stolen laptop or even a lost notebook. Imagine that, someone giving you their info over the phone, you write it down, the note gets lost and you're in court. Of course this is all hype aimed at getting Snapchat in the corporate world.