Freelance
Kolger, 2012-07-11 16:20:28

How do you provide programmers with access to the source code and personal data of users?

Hey!

We have several projects: a couple of online stores, a small social network. It was developed by me and people whom I fully trusted. Therefore, in development (on the dev-server and local machines), we, as a rule, used real user data, i.e. used a dump from the production server in daily work.

Now I want to take more remote employees into the project and I don’t want to give access to this data to the first person I meet. And, looking back, it’s not at all secure to use user data in development. Not to mention the fact that you can fall under a fail - such as sending a letter to a user from a dev server :)

How do you solve this problem in your company?

So far I've found two ways to solve the problem:

  • Use some kind of data generator. Development requires a complete database, but this data can easily be generated.
  • Use a dump from the production server, but replace personal data in it (nicknames, emails, for example). Naturally, everything is automated, using, for example, fabric.


Tell us what you do in your company. Thanks in advance for your reply!

9 answer(s)
soroktu, 2012-07-11
@soroktu

The second option, with the replacement of personal data with fictitious values. The full name and the name of the locality are changed. But this is protection not from unscrupulous employees, but from the case when they come with an inspection (and there is no license and no consent to the processing of personal data).

wersoo, 2012-07-11
@wersoo

Obfuscation and depersonalization of real data.

Wott, 2012-07-12
@Wott

Depending on what for:
In the early stages of development - a data generator or dummy filler data.
At the support stage, there is depersonalized real data, because users come up with things that normal people cannot always foresee.
And you should not try to stop access to real data. The programmer holds the code in his hands and can insert anything into it and get the appropriate access. This is a trust issue that needs to be addressed immediately. As a last resort, set up site monitoring to detect unauthorized access.

Alexey Skahin, 2012-07-11
@pihel

There is access to everything, but every 2 years we go through a lie detector.

karenishe, 2012-07-11
@karenishe

At one time they had fun with such an "add-on" over PHP, which allowed each programmer to be given access to their personal directories: one is available from the web, the other is only for PHP.
If memory serves, all executable files of programmers were included inside the function, due to which a local namespace was created for each file. Plus, programmers' files were checked for the occurrence of the names of some functions that were locked (more precisely, there was a list of functions allowed for use - so the list is shorter, you understand).
File access: with chmod.
Regarding access to the database: as in many frameworks, there was a base for development and a base for production. The second was accessed by a couple of truly trusted techies.
This was done more for home use. I am sure that there are much more serious and interesting developments.

Dmitry, 2012-07-11
@DedalX

Signing an NDA and similar agreements.

akral, 2012-07-11
@akral

"you can fall under a fail - like sending a letter to a user from a dev-server :)"

I once launched a mailing list at a new job, being sure that this was a dev server and would not go any further.
Well, since that time, I still have settings that transfer all mail *@* to my address. :)
And I recommend it to you.

dxArtem, 2012-07-11
@dxArtem

On the election project, we kept all personal information in encrypted form. And for the rest, when the dev server was updated, they ran a script where all emails became user[ID]@localhost.com, and all surnames became Smith, Anderson and so on :)
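
The kind of depersonalization script described in the answer above, as an added example that is not any poster's own code. The `users` table, its columns, the sample rows and the use of SQLite are assumptions made so the example runs offline. It also checks that no original value survived the rewrite.

```python
import sqlite3

# Constructed sample rows standing in for a production dump (not real data).
SAMPLE_USERS = [
    (1, "ivan_p", "Petrov", "ivan.petrov@example.org"),
    (2, "masha", "Sidorova", "masha@example.net"),
    (3, "oleg77", "Kuznetsov", "oleg@example.com"),
]
SURNAMES = ["Smith", "Anderson", "Johnson", "Brown"]  # fixed replacement pool


def load_dump(conn):
    """Create the assumed schema and load the constructed rows."""
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, nickname TEXT,"
                 " surname TEXT, email TEXT UNIQUE)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", SAMPLE_USERS)


def depersonalize(conn):
    """Overwrite personal columns in place, keyed on the row id, so the
    result is deterministic and the UNIQUE constraint on email still holds."""
    ids = [row[0] for row in conn.execute("SELECT id FROM users")]
    for uid in ids:
        conn.execute(
            "UPDATE users SET nickname = ?, surname = ?, email = ? WHERE id = ?",
            (f"user{uid}", SURNAMES[uid % len(SURNAMES)],
             f"user{uid}@localhost.com", uid),
        )
    conn.commit()


def leaked_values(conn):
    """Return any original personal value still present after the rewrite."""
    originals = {v for row in SAMPLE_USERS for v in row[1:]}
    current = {v for row in conn.execute(
        "SELECT nickname, surname, email FROM users") for v in row}
    return originals & current


def run():
    conn = sqlite3.connect(":memory:")
    load_dump(conn)
    depersonalize(conn)
    return conn


if __name__ == "__main__":
    conn = run()
    print(conn.execute("SELECT * FROM users ORDER BY id").fetchall())
    print("leaked:", leaked_values(conn))
```

Run the rewrite on the copy before it reaches the dev server, and fail the refresh job if `leaked_values` returns anything.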
