June 17, 2017 at 2:54 pm
Comments posted to this topic are about the item DevOps Can Help
June 19, 2017 at 6:06 am
In the last case, certainly whoever sets up a system is responsible for using the correct credentials. While it's easy to say that a developer or tester shouldn't know the production credentials, it's entirely possible that the person that configured the process would have the credentials. I don't know what to do here, as the first test of this might cause the issue.
One protection would be to run your automated testing on a network/VLAN which has no access to the production network.
Then production credentials would give a "Server Not Found" error in the tests, but do no harm.
June 19, 2017 at 8:36 am
Steve, in your lead article today you suggested that two factor authentication should be considered for all security setups. Where I work now I'm not involved with the production environment, so I can't say for sure, but I'd be willing to bet that we don't have two factor authentication involved. How does that work, in an environment in which you try to wall off the outside world from accessing your production systems?
Kindest Regards, Rod Connect with me on LinkedIn.
June 19, 2017 at 8:48 am
sknox - Monday, June 19, 2017 6:06 AM
In the last case, certainly whoever sets up a system is responsible for using the correct credentials. While it's easy to say that a developer or tester shouldn't know the production credentials, it's entirely possible that the person that configured the process would have the credentials. I don't know what to do here, as the first test of this might cause the issue.
One protection would be to run your automated testing on a network/VLAN which has no access to the production network.
Then production credentials would give a "Server Not Found" error in the tests, but do no harm.
It's somewhat of a test, but not really. There are just some areas that we don't have good testing for. I wish we had better patterns for actually being able to send through dummy transactions for testing (in emails, queues, etc.)
June 19, 2017 at 8:50 am
Rod at work - Monday, June 19, 2017 8:36 AM
Steve, in your lead article today you suggested that two factor authentication should be considered for all security setups. Where I work now I'm not involved with the production environment, so I can't say for sure, but I'd be willing to bet that we don't have two factor authentication involved. How does that work, in an environment in which you try to wall off the outside world from accessing your production systems?
I was thinking two factor, not as we do it with GitHub, Facebook, etc. with one person having two methods of verifying identity, but with two accounts being required. What I'd expect is that to add a new login, or at least a sysadmin, two other accounts have to approve the request. That way we have two people that potentially could see the problem.
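The two-account approval described in the post above, as an added example that is not part of the original post and not a built-in SQL Server feature. The `LoginRequest` record, the function names, the account names and the case-insensitive comparison are all assumptions made for illustration.

```python
"""Two-account approval gate for creating a privileged login (added example)."""
from dataclasses import dataclass, field

REQUIRED_APPROVALS = 2  # from the post: "two other accounts have to approve"


def norm(account: str) -> str:
    # Assumption: account names compare case-insensitively, as Windows logins do.
    return account.strip().lower()


@dataclass
class LoginRequest:  # hypothetical record, not a SQL Server object
    requester: str
    new_login: str
    role: str
    approvers: set = field(default_factory=set)


def approve(req: LoginRequest, account: str) -> int:
    """Record one approval and return the number of distinct approvers."""
    acct = norm(account)
    # "Other" accounts only: neither the requester nor the login being created.
    if acct in (norm(req.requester), norm(req.new_login)):
        raise PermissionError(f"{account} cannot approve its own request")
    req.approvers.add(acct)  # a set, so a repeated approval counts once
    return len(req.approvers)


def provision(req: LoginRequest, audit_log: list) -> dict:
    """Release the request only when enough distinct accounts have approved."""
    if len(req.approvers) < REQUIRED_APPROVALS:
        raise PermissionError(
            f"{len(req.approvers)} of {REQUIRED_APPROVALS} approvals recorded")
    entry = {"login": req.new_login, "role": req.role,
             "requested_by": norm(req.requester),
             "approved_by": sorted(req.approvers)}
    audit_log.append(entry)  # both reviewers are named in the record
    return entry


if __name__ == "__main__":
    log = []
    req = LoginRequest("CORP\\dba1", "CORP\\svc_deploy", "sysadmin")  # constructed
    approve(req, "CORP\\dba2")
    approve(req, "corp\\DBA2")  # same account again: still one approval
    approve(req, "CORP\\secops1")
    print(provision(req, log))
```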
June 19, 2017 at 9:26 am
Steve Jones - SSC Editor - Monday, June 19, 2017 8:50 AM
Rod at work - Monday, June 19, 2017 8:36 AM
Steve, in your lead article today you suggested that two factor authentication should be considered for all security setups. Where I work now I'm not involved with the production environment, so I can't say for sure, but I'd be willing to bet that we don't have two factor authentication involved. How does that work, in an environment in which you try to wall off the outside world from accessing your production systems?
I was thinking two factor, not as we do it with GitHub, Facebook, etc. with one person having two methods of verifying identity, but with two accounts being required. What I'd expect is that to add a new login, or at least a sysadmin, two other accounts have to approve the request. That way we have two people that potentially could see the problem.
Oh I see. All right. Thanks.
Kindest Regards, Rod Connect with me on LinkedIn.