RE: Procedural Issues

[<security () calculateddecision com>]

I would say your main threat is that your team leader accidently hoses the
live data.  Also, if you're dealing with sensitive information, he obviously
then has access to the real data.  Whereas in the test environment you
should be using masked up, bogus data.

If you segregate the two environments, typically a systems administrator or
application admin would be doing the move.

Anthony Towry


-----Original Message-----
From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com]On Behalf Of WALI
Sent: Monday, January 08, 2007 11:50 AM
To: security-basics () securityfocus com
Subject: Procedural Issues


In a software development environment, what risks do we have if we allowed
software development team leader, access to Live production servers?

Security demands that the two environments be segregated.

If I segregate the two environments, who would shift the code from
development to Live?


---------------------------------------------------------------------------
This list is sponsored by: ByteCrusher

Detect Malicious Web Content and Exploits in Real-Time.
Anti-Virus engines can't detect unknown or new threats.
LinkScanner can. Web surfing just became a whole lot safer.

http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetect
---------------------------------------------------------------------------



---------------------------------------------------------------------------
This list is sponsored by: ByteCrusher

Detect Malicious Web Content and Exploits in Real-Time.
Anti-Virus engines can't detect unknown or new threats.
LinkScanner can. Web surfing just became a whole lot safer.

http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetect
---------------------------------------------------------------------------