Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This. The person that erased the database in my case came forward to me as soon as we realized what had happened. At that moment I was very happy it was an "inside job", it meant I could discard hacking.

As its said before: he made a mistake. The error was allowing the prod database to to be port forwarded from a non prod environment. As head of eng that was MY error. So I owned to it and we changed policies.



How do you prevent forwarding ports? Then one needs to disable ssh access?

Nice that you were a person he felt ok with sharing the mistake with, I suppose that's an important part of being head of eng.


`AllowTcpForwarding No`

There are ways around it, of course, but it prevents the scenario described above.


Thanks


Nope . The solution is to password protect and not give the pass to developers. Or only give read only access.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: