• 0 Posts
  • 56 Comments
Joined 1 year ago
Cake day: July 1st, 2023
  • ShortFuse@lemmy.worldtoProgramming@programming.devWhat is your preferred API error response and why?
    13·
    4 months ago

    Don’t use JSON for the response unless you include the response header to specify it’s application/json. You’re better off with regular plaintext unless the request header Accept asked for JSON and you respond with the right header.

    That also means you can send a response based on what the request asked for.

    403 Forbidden (not Unauthorized) is usually enough most of the time. Most of those errors are not meant for consumption by an application because it’s rare for 4xx codes to have a contract. They tend to go to a log and output for human readers later, so I’d lean on text as default.

  • ShortFuse@lemmy.worldtoProgrammer Humor@programming.devJSON Query Language
    2·
    5 months ago

    Either do a left join and repeat all the post values for every tag or do two round-trip queries and manually join them in code.

    JSON_ARRAYAGG. You’ll get the object all tidied up by database in one trip with no need to manipulate on the receiving client.

    I recently tried MariaDB for a project and it was kinda neat, having only really messed with DynamoDB and 2012 era MsSQL. All the modern SQL languages support it, though MariaDB and MySQL don’t exactly follow the spec.

  • ShortFuse@lemmy.worldtoMemes@lemmy.mlplease
    3·
    6 months ago

    No. Microsoft is not liable, at least when it applies to HIPAA.

    The HIPAA Rules apply to covered entities and business associates.

    Individuals, organizations, and agencies that meet the definition of a covered entity under HIPAA must comply with the Rules’ requirements to protect the privacy and security of health information and must provide individuals with certain rights with respect to their health information. If a covered entity engages a business associate to help it carry out its health care activities and functions, the covered entity must have a written business associate contract or other arrangement with the business associate that establishes specifically what the business associate has been engaged to do and requires the business associate to comply with the Rules’ requirements to protect the privacy and security of protected health information. In addition to these contractual obligations, business associates are directly liable for compliance with certain provisions of the HIPAA Rules.

    If an entity does not meet the definition of a covered entity or business associate, it does not have to comply with the HIPAA Rules. See definitions of “business associate” and “covered entity” at 45 CFR 160.103.

    https://www.hhs.gov/hipaa/for-professionals/covered-entities/index.html

  • ShortFuse@lemmy.worldtoMemes@lemmy.mlplease
    18·
    6 months ago

    HIPAA doesn’t even require encryption. It’s considered “addressable”. They just require access be “closed”. You can be HIPAA compliant with just Windows login, event viewer, and notepad.

    (Also HIPAA applies to healthcare providers. Adobe doesn’t need to follow HIPAA data protection, though they probably do because it’s so lax, just because you uploaded a PDF of a medical bill to their cloud.)