× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. November 2004

RE: Restrict ability to alter variables in debugger on production

All the solutions then point out to the fact that there is no way anyone can 
fix anything in a live environment without impinging on SOX or data protection. 
That to me is an absolute nonsense, SOMEBODY has to be able to look at data, 
SOMEBODY has to be able to fix data. All this generating of test data as 
already pointed out may not be able to recreate the problem. The impression 
that I am getting from most of the replies here is that programmers cannot be 
trusted to look at data, or that they cannot be given the authorisation and 
sign some declaration of none disclosure. This is a pretty sad state of affairs 
in my humble opinion.  And as for copying data to a test environment taking a 
long time, well if that is what it take then that is what it takes, or use one 
of the "unauthorised" methods, the choices are limited! The solution below I 
think would be discounted straight away as it relies on someone bothering to 
put down what they did, not the system recording what they did. 

Steve

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx]On Behalf Of Lim Hock-Chai
Sent: Thursday, November 11, 2004 5:59 PM
To: Midrange Systems Technical Discussion
Subject: RE: Restrict ability to alter variables in debugger on
production


that is what we are trying to get implemented on our shop.  A bit different 
though, we are actually creating a system that the on-call programmer can sign 
on to get some additional access to production system.  This system requires 
on-call programmer to comment as why he/she needs to sign on and what he/she 
did before sign off.  I think it also saves the joblog.  

Not sure if this will pass SOX yet.

 

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx]On Behalf Of Steve Morrison
Sent: Thursday, November 11, 2004 10:43 AM
To: Midrange Systems Technical Discussion
Subject: RE: Restrict ability to alter variables in debugger on
production


At a previous employer, we worked with a system setup as I described
earlier. Programmers had read only access to production libraries. If the
on-call programmer needed additional access to correct a problem, the night
operator would run a special job granting additional authority  for that
session. After ending the session, the programmer would again be restricted
to read only access of production data.  


Steve Morrison
Beacon Insurance
940-720-4672 

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.