I work for a GIS company and our tools have not grown with our projects and client base. We use ArcPro personal geo databases (GDBs) for ALL data. We recently had a project where shit really hit the fan, one major issue was related to invalid values from poor version control. Everything uses personal GDBs and is just "version controlled" by dating filenames in Explorer. It would have been trivial to fix in a proper database. We also have operational constraints, like we can only have one person doing X job at a time since all the data for X job is in a personal GDB.

But I'm just an analyst. I've garnered some attention for my technical expertise beyond processing the data. PostGIS is a thing so it isn't as though we'd be recreating the wheel. How can I push for that sort of change? I'm thinking I can sell it using how much we lost on this project because of these avoidable failures. I'm also wondering if I can make this an opportunity to create a "database administrator" position for myself

I am planning to use Plaid API and have a spring boot backend but given that I will be storing my financial information (such as whatever the Plaid API needs me to store to use their endpoints as well as just the transactions on my credit and chequing account), the security of the data is obviously crucial. and I think my problem is I don't know what I don't know.

I have a basic idea of what kind of things I need to protect against.

1. WIll have to use Spring security (or whatever is best) for thing like protecting against xss and csrf
2. I need to ensure that the PostgreSQL database is encrypted

but beyond that, I don't know much about the nuances of each type of security and customizations I should be on the look-out for. wonder if there's a trustworthy resource for at least detailing for me the kind of security I need to implement on either the Spring or PostgreSQL side of things?

NewsBlur was down yesterday evening due to its Mongo database getting attacked by a hacker and held for ransom. It’s restored from backup, but there are privacy implications for anyone who had sensitive private data there. We will likely find out more after the maintainer recovers from a busy night.

There are no good links for this, but it’s being discussed on Hacker News. Since it’s open source, someone described what’s being kept in that database.

(I use NewsBlur, but I don’t think my RSS reading habits are all that sensitive. Others might be in a different situation, though.)