kevin/portfolio
1
0
Fork 0
Code

Add image to attachment-module project page.

Browse Source
This commit is contained in:
Kevin Matsubara 2026-01-11 16:18:03 +01:00
parent 39e59c91af
commit dbaf73a4a5
3 changed files with 70 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
portfolio/pages/en/software/projects/attachment-module.md
View File

@ -32,6 +32,29 @@ This was the first separate project I created for the company, so I set up a <a
* If the file is cached on the web server, then this file is opened.
* If the file is not cached, the web server downloads the file from the database server and then opens it.
<figure class="text-center">
<picture class="d-flex justify-content-center">
<source
media="(max-width: 510px)"
srcset="/images/software/projects/attachment-module/file-uploader-w240.webp"
/>
<source
media="(max-width: 850px)"
srcset="/images/software/projects/attachment-module/file-uploader-w480.webp"
/>
<img
src="/images/software/projects/attachment-module/file-uploader-w800.webp"
alt="Flow diagram"
class="img-fluid"
/>
</picture>
<figcaption class="figure-caption mt-2">
<a href="/images/software/projects/attachment-module/file-uploader-w800.webp">
Flow diagram
</a>
</figcaption>
</figure>
## Lessons learnt
The project owner did not want the users to separately log in to the web server of the attachment module. So a big security issue is that anyone with the link, can access uploaded files. At the time this was agreed to be a "temporary" solution. The project was deployed in 2017 and in 2021 this project was still running though. After all, the business must go on and if the problem's symptoms seems fixed, why bother with it further...
@ -41,3 +64,4 @@ Because other users could access other uploaded files using the right link, it w
A big learning point for me was that not to compromise security, even for projects that are considered temporary. A problem never occurred. This compromise caused silly decisions to not allow users to delete their own files. I will defend my standpoint much more and use this project as an example.
The actual problem here though, is why the other developers were not able to create a simple file upload feature.

23
portfolio/pages/jp/software/projects/attachment-module.md
View File

@ -38,6 +38,29 @@ This was the first separate project I created for the company, so I set up a <a
* If the file is cached on the web server, then this file is opened.
* If the file is not cached, the web server downloads the file from the database server and then opens it.
<figure class="text-center">
<picture class="d-flex justify-content-center">
<source
media="(max-width: 510px)"
srcset="/images/software/projects/attachment-module/file-uploader-w240.webp"
/>
<source
media="(max-width: 850px)"
srcset="/images/software/projects/attachment-module/file-uploader-w480.webp"
/>
<img
src="/images/software/projects/attachment-module/file-uploader-w800.webp"
alt="Flow diagram"
class="img-fluid"
/>
</picture>
<figcaption class="figure-caption mt-2">
<a href="/images/software/projects/attachment-module/file-uploader-w800.webp">
Flow diagram
</a>
</figcaption>
</figure>
## Lessons learnt
The project owner did not want the users to separately log in to the web server of the attachment module. So a big security issue is that anyone with the link, can access uploaded files. At the time this was agreed to be a "temporary" solution. The project was deployed in 2017 and in 2021 this project was still running though. After all, the business must go on and if the problem's symptoms seems fixed, why bother with it further...

23
portfolio/pages/nl/software/projects/attachment-module.md
View File

@ -32,6 +32,29 @@ This was the first separate project I created for the company, so I set up a <a
* If the file is cached on the web server, then this file is opened.
* If the file is not cached, the web server downloads the file from the database server and then opens it.
<figure class="text-center">
<picture class="d-flex justify-content-center">
<source
media="(max-width: 510px)"
srcset="/images/software/projects/attachment-module/file-uploader-w240.webp"
/>
<source
media="(max-width: 850px)"
srcset="/images/software/projects/attachment-module/file-uploader-w480.webp"
/>
<img
src="/images/software/projects/attachment-module/file-uploader-w800.webp"
alt="Flow diagram"
class="img-fluid"
/>
</picture>
<figcaption class="figure-caption mt-2">
<a href="/images/software/projects/attachment-module/file-uploader-w800.webp">
Flow diagram
</a>
</figcaption>
</figure>
## Lessons learnt
The project owner did not want the users to separately log in to the web server of the attachment module. So a big security issue is that anyone with the link, can access uploaded files. At the time this was agreed to be a "temporary" solution. The project was deployed in 2017 and in 2021 this project was still running though. After all, the business must go on and if the problem's symptoms seems fixed, why bother with it further...