We're working on a security policies doc that exactly outlines our
commitment to you.

In the meantime, we run on Amazon AWS.  Their servers have incredible
physical security.  AWS: Overview of Security Processes
<http://awsmedia.s3.amazonaws.com/pdf/AWS_Security_Whitepaper.pdf>.

For SW access, all access to machines is controlled by SSH key access.  Only
Heroku employees have access to systems, and then only the subset required
to actually maintain the systems (for example, I do NOT have access to your
code).  We have strict policies in place regarding customer code.  No Heroku
employee may look at or access customer code without explicit customer
approval.  Failure to comply is a fireable offense.

If there are any other specific questions, please let me know!
Oren

On Mon, Jan 11, 2010 at 1:50 PM, Vincent P <[email protected]> wrote:

> Thanks Devyn,
>
> What about the physical security of their servers?  Also, in their
> company, who has access to read the source code?  Are these people
> under NDA to us, Heroku customers?
>
> Thanks.
>
> Vincent.
>
> On Jan 7, 9:45 am, Devyn Cairns <[email protected]> wrote:
> > All remote access to your code (git repository) is protected by the SSH
> > public keys of you and the collaborators explicitly listed. If you try
> > connecting on a machine that is not your own, you will get an error.
> > Public key authentication is quite secure, and a public key cannot just
> > be copied from another machine; the private key would be needed too
> > (which is something you never give out).
> >
> > Overall, I'd say there's very little risk in putting your own proprietary
> > code on Heroku.
> >
> > Of course, I don't work there, so let's let them have a chance to answer.
> >
> >
> >
> > On Wed, Jan 6, 2010 at 6:13 PM, Vincent P <[email protected]> wrote:
> > > Does Heroku guarantee the confidentiality of our source code hosted on
> > > their servers?  What measures does it take to ensure such
> > > confidentiality?  Our source code is our intellectual property
> > > including trade secrets, the protection of which needless to say is
> > > very important to us.
> >
> > > Thanks.
> >
> > > --
> > > You received this message because you are subscribed to the Google
> > > Groups "Heroku" group.
> > > To post to this group, send email to [email protected].
> > > To unsubscribe from this group, send email to [email protected].
> > > For more options, visit this group at
> > > http://groups.google.com/group/heroku?hl=en.
> >
> > --
> >    ~devyn
>