From dbaf73a4a50de03ef63bf774d9db145b2ad44d6b Mon Sep 17 00:00:00 2001 From: Kevin Matsubara Date: Sun, 11 Jan 2026 16:18:03 +0100 Subject: [PATCH] Add image to attachment-module project page. --- .../en/software/projects/attachment-module.md | 24 +++++++++++++++++++ .../jp/software/projects/attachment-module.md | 23 ++++++++++++++++++ .../nl/software/projects/attachment-module.md | 23 ++++++++++++++++++ 3 files changed, 70 insertions(+) diff --git a/portfolio/pages/en/software/projects/attachment-module.md b/portfolio/pages/en/software/projects/attachment-module.md index 291a66b..d1c1e1a 100644 --- a/portfolio/pages/en/software/projects/attachment-module.md +++ b/portfolio/pages/en/software/projects/attachment-module.md @@ -32,6 +32,29 @@ This was the first separate project I created for the company, so I set up a + + + + Flow diagram + +
+ + Flow diagram + +
+ + ## Lessons learnt The project owner did not want the users to separately log in to the web server of the attachment module. So a big security issue is that anyone with the link, can access uploaded files. At the time this was agreed to be a "temporary" solution. The project was deployed in 2017 and in 2021 this project was still running though. After all, the business must go on and if the problem's symptoms seems fixed, why bother with it further... @@ -41,3 +64,4 @@ Because other users could access other uploaded files using the right link, it w A big learning point for me was that not to compromise security, even for projects that are considered temporary. A problem never occurred. This compromise caused silly decisions to not allow users to delete their own files. I will defend my standpoint much more and use this project as an example. The actual problem here though, is why the other developers were not able to create a simple file upload feature. + diff --git a/portfolio/pages/jp/software/projects/attachment-module.md b/portfolio/pages/jp/software/projects/attachment-module.md index ecb5135..66071e6 100644 --- a/portfolio/pages/jp/software/projects/attachment-module.md +++ b/portfolio/pages/jp/software/projects/attachment-module.md @@ -38,6 +38,29 @@ This was the first separate project I created for the company, so I set up a + + + + Flow diagram + +
+ + Flow diagram + +
+ + ## Lessons learnt The project owner did not want the users to separately log in to the web server of the attachment module. So a big security issue is that anyone with the link, can access uploaded files. At the time this was agreed to be a "temporary" solution. The project was deployed in 2017 and in 2021 this project was still running though. After all, the business must go on and if the problem's symptoms seems fixed, why bother with it further... diff --git a/portfolio/pages/nl/software/projects/attachment-module.md b/portfolio/pages/nl/software/projects/attachment-module.md index 8fd92d6..c2b5392 100644 --- a/portfolio/pages/nl/software/projects/attachment-module.md +++ b/portfolio/pages/nl/software/projects/attachment-module.md @@ -32,6 +32,29 @@ This was the first separate project I created for the company, so I set up a + + + + Flow diagram + +
+ + Flow diagram + +
+ + ## Lessons learnt The project owner did not want the users to separately log in to the web server of the attachment module. So a big security issue is that anyone with the link, can access uploaded files. At the time this was agreed to be a "temporary" solution. The project was deployed in 2017 and in 2021 this project was still running though. After all, the business must go on and if the problem's symptoms seems fixed, why bother with it further...