PHYData DBA (3/20/2014)
In the last ten years I Have had the pleasure to work.
With at least four different offshores that demanded real copies of databases to use in the development of their product.
Three of them ended up having to admit that they sold some or all of this data.
The forth pointed out that this would be a possibility that they would not be liable for in their contracts up front.
Until we stop giving full and uncensored access to third party vendors how will their ever be data security?
As a developer I never want real data. Realistic data: yes. Real data: no.
I don't want access to the production database either.
It is not that I can't be trusted nor that I would mess things up. It is just that there is no need for me to have these things. I feel that same way about access to source code; no one outside of development (except any support functions who also maintain applications - which is a development function) should have access to modify code. In fact, I would want serious justification provided for why anyone would want access to read the code as there is often enough information to assist someone to carry out illegal, and certainly immoral, acts.
Anyone in security will tell you to only grant the minimal permissions for anyone to perform their own job. No more.
-- Stop your grinnin' and drop your linen...they're everywhere!!!