Security Basics mailing list archives
RE: Procedural Issues
From: <security () calculateddecision com>
Date: Mon, 8 Jan 2007 21:17:05 -0600
I would say your main threat is that your team leader accidently hoses the live data. Also, if you're dealing with sensitive information, he obviously then has access to the real data. Whereas in the test environment you should be using masked up, bogus data. If you segregate the two environments, typically a systems administrator or application admin would be doing the move. Anthony Towry -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]On Behalf Of WALI Sent: Monday, January 08, 2007 11:50 AM To: security-basics () securityfocus com Subject: Procedural Issues In a software development environment, what risks do we have if we allowed software development team leader, access to Live production servers? Security demands that the two environments be segregated. If I segregate the two environments, who would shift the code from development to Live? --------------------------------------------------------------------------- This list is sponsored by: ByteCrusher Detect Malicious Web Content and Exploits in Real-Time. Anti-Virus engines can't detect unknown or new threats. LinkScanner can. Web surfing just became a whole lot safer. http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetect --------------------------------------------------------------------------- --------------------------------------------------------------------------- This list is sponsored by: ByteCrusher Detect Malicious Web Content and Exploits in Real-Time. Anti-Virus engines can't detect unknown or new threats. LinkScanner can. Web surfing just became a whole lot safer. http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetect ---------------------------------------------------------------------------
Current thread:
- Procedures security (Jan 05)
- Re: Procedures PCSC Information Services (Jan 08)
- Procedural Issues WALI (Jan 08)
- RE: Procedural Issues Vic N (Jan 09)
- RE: Procedural Issues WALI (Jan 09)
- RE: Procedural Issues security (Jan 09)
- RE: Procedural Issues Vic N (Jan 09)
- Re: Procedures PCSC Information Services (Jan 08)
- <Possible follow-ups>
- Re: Procedures bucklerk (Jan 08)
- Re: Procedures bucklerk (Jan 08)