so, what is to stop them from running code from the app?!? Who do you call when ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		hackerpacker on April 5, 2019 \| parent \| context \| favorite \| on: You Are Not Google (2017) so, what is to stop them from running code from the app?!? Who do you call when something breaks? Do you expect the dev to not be able to log in and investigate at 3am or whenever? I mean if you can't trust your dev team, or the procedures surrounding them, you are kinda screwed.

staticassertion on April 5, 2019 [–]

To be clear, the issue isn't about trusting developers in prod. It's about limiting access to prod as an avenue for attackers who will be looking to get in there and exfil sensitive data.

Nothing to do with trust of devs.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact