Time Savings vs. Security

Steve smorrey at gmail.com
Fri Jan 4 09:45:28 MST 2008


You've got them copying to removable media, thats a far greater threat
than possible network security issues.
My advice, seal up the removable media ports, i.e. USB with some JB
weld, then move to a subversion based setup using some sort of per
machine unique key.
If your really worried about security setup subversion on an in-house
server and manage it closely.
Only let the machine run subversion i.e. no extra services, and maybe
even make sure that doesn't have net access if it's all in house.  if
it needs to be shared between offices then let it have net access, but
again make sure it only uses https: and use a key file of some sort to
allow and deny access to machines.

Sincerely,
Steve

On Jan 4, 2008 9:36 AM, Ken Snyder <kendsnyder at gmail.com> wrote:
> I am programming in a somewhat common security setup where the
> development network is not connected to outside networks.  There are
> only two ways to copy deployments to test and production: removable
> media and a copy script using a Linux server that pushes files from dev
> to production or production to dev.
>
> We developers would like to make our weekly deployments by simply having
> the production machines svn checkout and svn update from our svn release
> branch.  However, technically minded upper managers see such a network
> setup as too insecure.  The developers are interested in saving time as
> our weekly deployments span 25 to 50 files per week across several web
> applications.
>
> Is the time savings worth the security risk?
>
>
> - Ken Snyder
>
>
>
> /*
> PLUG: http://plug.org, #utah on irc.freenode.net
> Unsubscribe: http://plug.org/mailman/options/plug
> Don't fear the penguin.
> */
>



More information about the PLUG mailing list