On Wed, Nov 23, 2011 at 11:24 AM, Scott Barnes <[email protected]> wrote:
> See, I'm not buying that :)
> Risk matrix - Consequences vs Likelihood.
> Questions - Why are developers working with production grade data (customers
> info etc).

Because only production data is a large enough set to do certain testing (speed, queries that return extremely large recordsets, etc.).

> Shouldn't that be partitioned off into a more secure locked down
> release area only. Developers working with "Foo Jones" is imho the counter
> pill to the aforementioned claim.
> Placing the developer pool in their own DMZ sandbox imho is also the way
> forward, so if they are compromised it's contained and all data etc should be
> test data that doesn't include sensitive information.

Better, but still not good if you want to be testing many many connections/users to a large db.

> IP getting stolen? There's a million ways to bypass a locked down machine to
> get the data in/out ..if someone were to expose the code base or documents
> it first is likely they are moving data outside the confines of the said PC
> and secondly are likely to screw up no matter how much Sys Admin nannying is
> in place.

And testing for the overhead caused by nannying is useful, too.

--
Meski
http://courteous.ly/aAOZcv
"Going to Starbucks for coffee is like going to prison for sex. Sure, you'll get it, but it's going to be rough" - Adam Hills
