The New Data Protection Features of .NET 8 (GDPR)
HTML-код
- Опубликовано: 20 дек 2023
- Use code CLEAN20 and get 20% off the brand new "Deep Dive in Clean Architecture" course on Dometrain: dometrain.com/course/deep-div...
Get the source code: mailchi.mp/dometrain/rk3-to7k6i8
Become a Patreon and get special perks: / nickchapsas
Hello everybody, I'm Nick, and in this video, I will introduce you to the new data compliance packages added in .NET 8. These packages include data redaction functionality that data regulators require in applications, usually due to GDPR.
Workshops: bit.ly/nickworkshops
Don't forget to comment, like and subscribe :)
Social Media:
Follow me on GitHub: github.com/Elfocrash
Follow me on Twitter: / nickchapsas
Connect on LinkedIn: / nick-chapsas
Keep coding merch: keepcoding.shop
#csharp #dotnet
Happy that you covered the StarRedactor as well. Simply removing the data looked a bit odd, as if the user did not provide anything. So, having something like that StarRedactor at least shows that some input was given. Great video, thanks for it!
We definetely need some benchmarks here to see the performance comparing to non redacted logging and comparison to Serilog as well
"This random number" in 10:42 is the biggest lie you've ever said in your life
As someone who use Serilog heavily. I find it very nice to see that the built in logger is starting to become more and more and alternative as it as more and more features and it is very nice that they use span everywhere and make it efficient as logging can really slow down an application espicially if you have alot of logs.
Great video Nick, thanks a million,
That was great video, thanks!
I'd love to see some benchmarks for msft logging + redaction vs. serilog direct interface with redactor and serilog through microsoft logging interface including redactor.
I'm happy you made this video.
That is useful!
Biggest challenge I see is adding attributes on models. It's convenient but now models have bits required for logging. I wish there was an easy way to set it up aside leaving models clean.
agreed, some fluent stuff like ef core would be nice
@@michaelrall8142 Logger.LogInformation("Customer created").WithoutSensitiveInfo().LeaveEmailVisible().ButNotTheUsername().OrMaybeTheUsernameButCertainlyNotThePassword().Please()
You can annotate the model directly in the generated logging method parameter, then your object remains clean. At the other point of view, we decided to have data directly annotated, since the sensitivness is attached to data itself. If you add one more flow, and forget about which parts of your data was sensitive you may leak it.
A lot of tradeoffs we made in the design were towards safety/not leaking data/performance.
Really nice! We implemented a solution that was heavy reflection based. Could we just plug this with system.Text.Json serializer?
if you use nlog and add @ before parameter in logging message (customer created {@customer}), it will get deconstructed even if its class, not sure if this works in other loggers
awesome!
What can we do if we are stuck in .net 6? I would love to have that expand object feature in .net 6
With the new code injection/generating, can we now extract the logging logic out of the classes, and specify where it should be added from outside the classes?
I think you did a video around this, and single responsability. Where there is a library that will, from what I remember, intercept the method call and log before calling/after calling it.
Good video! My social security number is leaked every quarter! Hopefully the IT world learns a thing or two.
very nice
At first glance the Redactor api seems odd to me. Why does the Redact method return a length and what is the purpose of the GetRedactedLength method? Why isn’t there just the one Redact method?
Possibly to create a buffer on the stack before the modification happens, so it will be faster and use less memory.
The reason for that is to allow redactor caller to provide buffer of specific size and make redactor implementation allocation free. GetRedactedLength should be called to obtain required size buffer for given redactor ( it depends on the hashing algorithm ). Then int is returned from redact method, so that caller know how mamy chars were really written.
Genuine question. Is there still a need for a tool like serilog now? Every additional package adds complexity to the solution, and it would be nice if the "OOB" tools did the job.
Probably still is, for it's sinks and integration with 3rd party services. But I would not use serilog directly, but through Microsoft's ILogger abstraction.
@@DemoBytomAye - I always use the MS ILogger . I wonder now though, when my main target is Azure Insights, whether its time to stop hooking up Serilog.
Using Serilog and OTel together is currently very awkward, so a new project I'm on I've currently decided to not use Serilog.
Is it possible to combine LoggerMessage with Serilog? thanks.
What about using @ to deconstruct objects?
Pretty sure this is a serilog feature that the built in provider doesn’t support by default
@@nickchapsasMakes sense, thanks!
Thank you for the video! But this doesn't make an application automatically GDPR compliant. It is just masking data, but the real thing is not to process personal data if they are not needed and store them in separate protected store
Hi Nick. I purchased the Modular Monoliths Geting Started and Deep Dive courses separately but didn't realise there came as a bundle. Any chance you could re-embuse the difference off my next course please? Ta
Email me at contact@dometrain.com
Can this be used for saving to database? Is there a way of return full data saved like this in db?
You can use encrypted columns so it will be encrypted on the db level. If I understood you correct
Hi! It would be fantastic if you would give us a repo with your .editorconfig file or some other code style sniffer config using your prefered choices
Please create video on .NET 8 with JWT using refresh Token
I have a hard time understanding why you would ever log anything more than the unique identifier for the object. Anyone can fill me in with a usercase?
ID can be understood as sensitive data, since in case of data breach it allows to correlate userId with its data.
Thanks for the video : ) Unfortunately this feature seems to me overly complicated and breaking cohesion. What about overriding toString() method and returning Json Format without the "critical" properties? For the encryption we can have two presentation of a domain object: DecryptedCustomer and EncryptedCustomer. DecryptedCustomer will have the custom toString() method and will be converted to EncryptedCustomer by domain service.
This is what I called overcomplicated. In the end in the video, after initial setup, all you have to do is add attributes to specific fields. It remains readable.
hellovrybody
What about built in PrintMembers() method in records? It should work fine as well
Dont understand the video, and what is the problem with the data compliance, dont understand why need to add * to the passwords besides when an user logins, that already happens by default using asp net core identity.
If only it was supported in .NET 6 too
its sad one of dotnets most prominent voices not even using visual studio
frack thgat GDPR sideways around telegraph line pole. GDPR is not about protecting your data, it's about allowing only big tech to collect and sell customer data.
not sure why, but getting drunk vibes form nick there
I was sick with a cold when I recorded 🥲
Distributed transactions were invented many years ago just to solve this problem.
This crap basically making the worst thing possible: it creates another queue out of a database table, and makes it pump messages to the next queue.
69 as “random number”…. Naughty 😊
Where are you from???
I gotta admit i hear a greek accent there...
He is!
10:44 ... sure... 69... random number ;)
I would love to see a hint in the title what the video covers in the .NET world. I‘m mostly doing UI with WPF and am a bit disappointed when I see web related code after a few seconds in.
You represent minority of .NET developers that use new .NET (Core), so I guess it's okay to omit the details. Most desktop projects are still on .NET Framework
@volan4ik. Indeed, sad reality. Winforms + egyptian pyramid-era framework version still are prevalent
Any .NET app can use the ILogger interface so it’s very much applicable to every type of app including WPF
True. See, I didn‘t even saw it‘s about ILogger, because I saw web related stuff in the first place and moved on. So just a little suggestion on how you could improve for choosing a title, from my side. Putting .NET for general, ASP/Web or UI/WPF/WinForms at the end of the title.
@@kiiOnihe more or less always uses AspNetCore to illustrate something as it's the easiest thing to test, with postman etc.., and it's what most dotnet developers are using dotnet for (... I believe)
Challenge. Integrate an ASPNET Core project into Unity :D
Second
Third?
Too many ads.. in and outside of video. makes me want to leave the vdo asap
First!!!!
Who cares!