|
Actually Rob, I don't believe security is really the issue here. It seems to me that auditability is the issue. The auditors want to easily verify the production objects are what they purport to be. The easiest way to do that is to have all source and objects on the production machine. For what it's worth, I'm inclined to agree with you that having source and objects on the production machine probably make it less secure. And verifying the source and objects match does NOT prevent tampering. If you think about it, someone, probably an employee, who managed to gain access and enough security could change the source on the production machine, recompile the relevant objects, and the auditors would never know. At least keeping the source on a different machine would make this person's life more difficult. The above scenario assumes, of course, that the auditors are not keeping installation logs and comparing object creation dates to the log, which would presumably be kept on a system other than the production system. Donald R. Fisher, III Project Manager The Roomstore Furniture Company (804) 784-7600 extension 2124 DFisher@roomstoreeast.com <clip> What I can't accept, blindly, is that keeping my source on my production machine makes it more secure. Granted, having it both on the production and development machine is shaky at best. <clip>
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.