tags:

views:

247

answers:

6
+2  Q: 

what should developers have access to?

i work at a place where we build applications that process and store sensitive data. we have 3 environments. Dev, UAT / QA (user acceptant testing) and Production

the developers at my work have no access to UAT or Production and have limited access to Dev. All we can do in dev is connect to a dev DB server . we have no access to the dev server itself. so we arent allowed to play with things like the web server (iis) on dev. if we want changes we must go though a formal process of submitting work requests to our network administrators (which could takes days to complete). the same goes if a developer were to request for something to be checked in a UAT or PRod database. this strict access restriction is really frustrating when trying to support our applications.

i can understand why we have these policies, as it reduces the risk of things getting screwed up. but this makes solving issues really time consuming and painful. something that could take 5 mins to fix (if a developer had access) could take days to resolve.

is this sort of strict access rights normal?

+2  A: 

Difficult to say if it's normal. For example, I've worked for investment banks where they have even more draconian procedures than the ones you describe. I've also worked for one IB that had no procedures at all. However, it's noticeable that the former are still in business, whereas the latter went bust famously just recently!

anon  2009-07-17 08:34:51
+2  A: 

Sounds a bit tight to me. Normallly I would expect full control over the Dev server, I'd be happy to see readonly access onthe test server and to be perfectly honest, I'm not interested in looking at the production server (from a development point of view).

Of course, the following assumtpions are made here;

  • the 3 environments started off exactly the same
  • Changes made to prod are cascaded back to dev via test
  • Any configuration changes in Dev are made by the deployer to test and in prod

In our procedure here we don't allow the developer to deploy to test - this is up to the tester before we hand over to a 3rd party who deploys to prod.

This validates our release procedure as much as anything else.

So; as long as everythiong is documented for the release, you shouldn't need access to anything other than Dev, but it would be nice to have a decent level of control over the dev environment.

Hooloovoo  2009-07-17 08:42:00
+2  A: 

It's not a "dev server" if developers have no access. Now it's not unheard of to have 4 environments: production, pre-production, test and dev. (sorted by increasing access for devs). If I ignore names, it seems that you have the same structure except that you're missing the dev server.

MSalters  2009-07-17 08:58:04
It the risk of sounding like I'm trying to trump you - we have a customer with 5 environments - Dev, Test and CAT which we have full access to, then a release environment (where our release pack is verified) and a production environment that we don't have access to.It actually makes sense in this particular case, though it does seem a little extreme.
Hooloovoo  2009-07-17 09:03:49
+1  A: 

It's a question of what you want

There are 2 competing requirements at work:

  • Fast turnaround for fixing problems / developing new code.
  • Ensuring that no sensitive data get leaked.

Your company has decided (consciously or unconsciously) that it is better to reduce the risk of leaking sensitive data than to have the ability to fix problems and develop new code quickly. My company leans in the same direction, but is not really clued-up enough to take it to the extremes you are describing.

This is a business decision.

It is made because (probably unconsciously) your company puts a higher value on the downside risk (leaking data) than on the upside risk (making the software work). This is a common bias - it's known as being risk-averse (I'm sure there's a better term than that - anybody?), and it is very annoying for those of us who, trying to get our jobs done, have to overcome a bunch of obstacles put there by people who don't have a good understanding of the impact of those obstacles.

To Summarise

  • This is a business decision.
  • It's a question of how different risks are perceived.
  • It reflects a risk averse position.
  • This position has probably been arrived at by the company entirely unconsciously.
AJ  2009-07-17 09:13:24
With data leaking are you including code? Because it's the only sensible data that could leak from development enviroment (all data should be test data, not real data)
MaLKaV_eS  2009-07-17 12:43:15
A: 

Even in a small company, engineers shouldn't need much access to the dev environment beyond code. The core environment should remain fairly static. What types of things on the web server would you like to change at a rapid pace?

pbreitenbach  2009-07-17 09:19:17
we do things like- add new site to the IIS web server- change certain properties on IIS. e.g directory security. access methods- occasionally need to register DLLs - add stuff to global runtime library e.g .Net GAC
MakkyNZ  2009-07-17 09:42:02
It all goes toward building a deployment package. Technical changes could be things like "Configure the firewall" or "Make sure the [AppPoolUser] has access to a licence directory". Sometimes these things are critical. With virtualisation you're also a lot more likely to get a dedicated server for each environment as well.
Hooloovoo  2009-07-17 09:51:11
A: 

It's about change management; making sure all changes to the system are tracked and make it into release notes, and also that a change in one part of the system doesn't cause problems in another part.

If it was up to me, I'd give each developer a PC powerful enough to run as many virtual machines as needed to emulate the production environment, with total control over those machines. And then make sure every change to the official dev environment is documented so that full release notes can be produced.

pgs  2009-07-17 11:05:13

related questions

Encryption in C# Web-Services
How Do You Secure database.yml?
ASP.NET LocationProvider
What do you (or your company) use for wiping a machine?
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
Java: What is the best way to SFTP a file from a server
How do I call a Flex SWF from a remote domain using Flash (AS3) ?
Best way to store a database password in a startup script / config file?
Using VM to get around VPN restrictions
Best references for secure coding practices in ASP.NET and classic ASP.
Secure Memory Allocator in C++
Resolving Session Fixation in JBoss
Best Practices for securing a REST API / web service
Defensive programming
Personal Linux web server
Block user access to internals of a site using HTTP_REFERER
Is there an Unobtrusive Captcha for web forms?
My website got hacked... What should I do?
What all do I need to escape when sending a (My)SQL query?
How do you disable browser Autocomplete on web form field / input tag?
Best .NET obfuscation tools/strategy
Are there best practices for testing security in an Agile development shop?
What is the best way to avoid SQL injection attacks?
Found a critical bug, but the company doesn't care
PHP Session Security