heldercervantes

Everything posted by heldercervantes

  1. Hey guys. Fresh off the oven. We're still polishing a bit, but went live anyway: https://inovtex.com/ Sorry this one is in Portuguese only, so you'll probably need the old Google Translate for it.
  2. Yep, that's exactly the behavior I was looking for. Time to get experimenting. Thank you all.
  3. Hey there. Anyone know of a clever approach to illustrate an options field with an image? I often do modular content editors using a repeater and an options field for the type of block. The repeater has all fields, and each field's visibility is configured so it appears only when it's relevant to the chosen block type. This is cool, allows a lot of flexibility, but on more complex solutions I sometimes find that the admin could benefit from seeing an image that illustrates the option that's chosen. Kind of like the theme choosing step when you install PW. Any ideas on how to do something like this? Thanks
  4. Yup. Add /wp-admin to the URL and you're in the login screen. They made some design changes. Maybe whoever did it was more comfortable in WP?
  5. Disclaimer: Complete noob in security here. So, at the risk of sounding silly, would it make sense to keep the key in a different server? I mean, if the site's server is compromised, the key would be visible in the code. So, I'm thinking the key could be stored in a different server that's "completely airtight", and the only thing it does is listen to a key request from the main site's server, checks the IP and lends it the key. So any site scripts that needed to handle an encrypted field would have to make that request first. Does this make sense? Or would a breach where someone can access the DB + PHP files be so far gone that they'd also easily make the server request and expose the key?
  6. Well, encryption per se is not mandatory, but "Data protection by design" is: https://gdpr-info.eu/art-25-gdpr/ They give leeway to choose an approach, but ask us to do something about it and not just leave the info lying around for easy picking. Since pseudonymization is too complex for small to medium projects, I'd say our best bet would be on encrypting sensitive info like emails, names, id numbers, phones and addresses. As far as the things we build, there shouldn't be much hassle. Unless you're building apps that store medical records or something like that.
  7. Well I just finished writing up the privacy policy for my site. That was a handful. Yeah, information backups will have to be considered carefully. Or just don't do backups like most people. Now, about personal data anonymization and pseudonymization. What can we do in a PW installation to comply? Can something be made to automatically encrypt PW users' data or pseudonymize it? This particular part of the requirements is what's driving me crazy.
  8. It doesn't necessarily have to be an expensive thing. Most small businesses' websites don't require personal information from their users. Right now I'm looking at a list of 20 sites I've built last year and only 3 or 4 store users' emails. No biggie there. Look at these guys' contact page and the privacy policy they have. It's a great reference for most cases. Now if you do store data, you'll have to be careful. I don't want to have something in the privacy policy like they have: "This data is currently stored in an identifiable fashion; a limitation of the content management system that this website is build on (WordPress). Pseudonymisation, meaning that the personal data can no longer be attributed to a specific user without the use of additional, separately stored information (key), is a requirement of the GDPR which many web application developers are currently working to fully implement. We are committed to implement it on our website as soon as we are able to."
  9. By the way, has anyone seen a website that already takes steps to comply with this? I'm seeing a page for a webinar on the subject with a registration form and no consent warning or even privacy policy link anywhere. I'm clicking google ads for companies selling consulting services that don't seem to have anything in place either.
  10. Yes, but... As a web developer that's hired to build a website and hand over the key, we can only answer for the job we did then. Unless we're hired to keep an eye on the site and keep it secure over time. This will eventually create new business opportunities for us and others. Already I'm reconsidering projects I'm working on and negotiating. I'm also looking at my previous projects to see which will need what, and of course those will need updating. Security companies will start selling this service, and probably hiring guns in the black market to poke people's websites and spread fear. I'm guessing even lawyers can start selling advice on what a site needs to ensure. At some point they need to register, and at that point your visitor will have to check that acceptance box. Once that's done they're considered informed and you shouldn't need to ask for acceptance again. In an extreme scenario, that could even be the first step of the form. "You're about to enter a form that requires personal data. Before proceeding please read our privacy policy." I don't think it necessarily needs to be a checkbox, as long as it's absolutely clear. You just have to make sure your visitor is warned and is presented an opportunity to read the terms before any of their data is submitted.
  11. That's the whole point of this thread. I don't think there necessarily needs to be a plugin for outputting legal stuff. Considering the basic contact form, there should be a privacy policy page somewhere that describes what happens to the data, and we have some guidance for writing that up here: https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/principles-gdpr/what-information-must-be-given-individuals-whose-data-collected_en. But that's our clients' responsibility, not ours. Of course, this will vary greatly from site to site. It's not the same as the cookie consent message. The company has to describe exactly what they will do with the information and how long they'll keep it. We should also add the "I accept the terms of this site's privacy policy" checkbox on any forms that ask for private data, and the words "privacy policy" linking to the page where it's all described. There shouldn't be a problem stating that the form submits the data to our email for appropriate response, that no data is stored permanently on our servers, and should you require the right to be forgotten, please submit your request to the email xxx. This and all the rest that's stated in the link above. But so far this isn't more than a disclaimer and examples will start popping up everywhere on the web in no time. What worries me more is when the data stays in our PW. If the server is hacked and info is leaked, there can be an investigation that will evaluate how careful we were with the way we've built the site. They mention database encryption, security by design, and keeping the data for the least possible time. For me this is where one or two new modules may come in handy. Not keeping the CMS updated can theoretically burn someone. Example: We have a jobs form that stores a user's CV. In a year that CV will be outdated and would serve no use. A module that automatically manages that content's (page) date of expiration and deletion could be useful. Another example: A site that has a private area that a user can register to gain access to. After X months without logging in, the data is deleted. Maybe even notify the person that it will happen unless they log in before day X. Doesn't sound too complex to do. Now, security by design... I'm clueless. I saw a mention of stuff like scattering personal data in more than one DB and only by comparing a blind ID you can tie the info together. I can see the coolness, but can't see it as something viable for smallish sites.
  12. It's aimed at protecting EU citizens' privacy and therefore I don't know if you'd be able to take a dispute to court. Yesterday I read somewhere that there was the worry that storing info on the cloud could mean that it's not in a server within the EU jurisdiction. I bet this will mean companies like Google and Facebook are forced to have European users' data in a European datacenter and comply with these rules.
  13. It seems it does and doesn't. Basically any and all personal information, including something as simple as someone's name and email is a potential liability. So imagine you have a contact form, and just to be safe that form doesn't generate an email with all the info, but only a notification. You then log in to PW, see someone asking for an estimate, and how do you contact that person? Send an email and set a reminder to delete the Word document with the proposal and the email from the sent folder in case that person rejects the proposal or doesn't answer in 2 weeks? I'm seeing articles saying that internal emails are now a dangerous thing. Companies have to set up policies for managing information that safeguards it from a hacked email account, a stolen laptop or even a lost notebook. Imagine that, someone giving you their info over the phone, you write it down, the note gets lost and you're in court. Of course this is all hype aimed at getting Snapchat in the corporate world.
  14. Hey community! Anybody worried about the new regulation? From May 25th on, we better start complying, otherwise there's an "up to 4% of the year's turnover or 20 Million euro fine, whichever greatest" hanging over our heads. Most of my projects don't store any data and the forms only submit to email. I can't find any information regarding this scenario, but I'm guessing we'll need to add disclaimers in a privacy policy that clearly answers these questions: https://goo.gl/iczesa, and a checkbox for accepting the terms. I'm curious though about how something like privacy by design could be implemented in PW. Looks like it's time to send proposals to all our previous clients.
  15. Well spotted @DaveP, hovering the "Português" link on the top right points to http://assembleia.pt/http404/. I'd try updating or reinstalling the language modules.
  16. Also this could help: http://processwire.com/docs/tutorials/troubleshooting-guide/page3
  17. It could be related to the environment. Check the thread above. On one of my more recent sites I had to switch the PHP version on my cPanel to a newer version.
  18. Looks like we can speak Portuguese. Are you getting that .htaccess from an installation of the PW version you're upgrading to? Look here: https://github.com/processwire/processwire/tree/dev
  19. Sounds like a problem with .htaccess. Check that you have it there and maybe it needs updating too.
  20. Well said. I've used it on my last project and was blown away by the results. Images turn out looking much better than with GD as well, without all that color banding crap.
  21. I hear you Rick. And the menu font is a bit too slim for my taste as well, but I just code on this one. Wouldn't mind dining there tonight myself.
  22. If you've seen Verride Hotel, you've seen this layout before: http://restaurantecriatura.pt/en/ This is one of the restaurants in Verride Hotel in Lisbon. It uses the same base layout for the master site, with some new stuff here and there. Both opened doors this week so you can start making your reservations.
  23. You're generating the variations with the API on the frontend, right? This sounds like a memory limit thing. I've had sites crash when they got a bunch of really big images added to a page. Access that page after and the processing time is clearly noticeable. In extreme cases I got a timeout, but refreshed the page and since most variations were already generated from the previous attempt, the second try goes through. This may help: https://processwire.com/blog/posts/processwire-3.0.63-adds-client-side-image-resizing/