 
PerlMonks  

If you can wipe out a system and there is no way for someone to recover that system after you are fired then you are a single point of failure and it's not a secure system. My point really stems from the fact that most theft and damage is internal, not external.

At one company where I was the lead developer I made it a point to not have root on any shared server. None of the programmers had root to production or central web servers. We each had our own server that we built and used CVS to manage the code. There was no single point of failure. I could decide to go postal at any time and the system was never at risk.

Lucky for them I did, because after they fired us all, escorting us with armed guards from the building with one hour's notice, the site wasn't at risk despite our anger at the way we were treated. It ran safely for many months until they went bankrupt.

Update after a few hours of sleep: Having all of the developers work in their own environment came not out of distrust, but from a desire to get beyond the BS that I've seen happen over and over in a centralized free-for-all environment: A stupid angry developer who decides to log in as someone else to try to make them look stupid. Product Managers who decide that they don't like the pace of things and decide to go in and change other people's work without telling anyone. It's a lot of fun to tell people who ask for a root password "I don't have root and I built that damn thing, why the hell do you need it?"

I think that it's interesting when building something to play the game of imagining an opponent trying to break into my application who knows everything that I know. If I wanted to f___ with a web application what would I do, and how would I defend against myself, being that I'm the person most likely to be able to do the most damage?

()-()
 \"/
  `                                                   ` 

In reply to Re: Re: Re: Is it Secure? by ignatz
in thread Is it Secure? by cjf
