Security Basics mailing list archives
RE: Development Environment Best Practices
From: "David" <david () clicksee net>
Date: Thu, 16 Jun 2005 09:40:08 +0700
I did config and release management for 4 years. When I was learning I read a lot of Susan Dart but unfortunately the links I had for her are now broken... Try http://www.cmtoday.com/ If you ever have to work with VSS- horrible tool that I'm embarrassed to have worked with: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnvss/h tml/vssauto.asp One thing I will say about managing an environment with developers- Be strict about getting them to report config changes such as new registry entries and updates to drivers or software they implement. We used to allow them full control on the dev machines to install or change anything they wanted but we would also partially rebuild the machines each morning by script including re-writing the registry and reinstalling all web pages and dlls so it kept the dev environment clean and gave the developers a good reason to report changes they were making to us. If they didn't they would most likely go away by the next morning. Create a backup of everything you are going to replace and put anything you're going to release to QA in a release folder and then you will know for certain you are releasing the exact same thing to live. Find a good resource on "DLL hell" and managing GUIDs. This is another reason we compiled everything each morning to reinstall on the dev machines. That way older dlls compiled against an older version of a recently updated dll don't fail. Good Luck! -----Original Message----- From: Joshua Berry [mailto:jberry () PENSON COM] Sent: Tuesday, June 14, 2005 9:52 PM To: security-basics () securityfocus com Subject: Development Environment Best Practices Does anyone on this list have any resources for Development environment best practices. I am looking for something that explains the need to separate the production, testing, and development environments. I also need something explaining correct processes for developing and implementing code (such as: developers should not administer the production servers they install code on, or developers should not have full admin rights on all boxes, etc). Any help would be greatly appreciated. Thanks. Josh Berry | CISSP GCIA Information Security 214-765-1296 -------------------------------------------------------------------- If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked. -- (Former) White House Cybersecurity adviser Richard Clarke
Current thread:
- Development Environment Best Practices Joshua Berry (Jun 15)
- RE: Development Environment Best Practices David (Jun 16)