Best Practice question about database access between Dev and Production Servers
Hello, I'm setting up a new environment and I would like to have the ability, through a web UI to copy objects from our production database (separate server) to a development/debugging database (separate server). My question is not about how to implement this but rather whether this is bad practice. It would involve exposing the production database on the dev server (via a datasource mapping in the cfadmin). This would mean that any developer that is using our dev server (my concern is contractors..) would be able to write a query against the production database and potentially download sensitive data. How to people handle this type of risk? One idea I had was to not hardcode the database username/password in the CFadmin and instead prompt for it when accessing this specific tool through the web UI. Does that sound like a reasonable means of protecting the data in the production database from developers working on the development server? Anybody have better ideas? Brook ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349658 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Best Practice question about database access between Dev and Production Servers
Putting production data source connections on the development server is a practice you should avoid. I cringe whenever I see developers do this. Having the development DSN on the production server is less risky. Another path would be having the two databases linked at the database level and use database code to copy objects between servers, possibly triggered by a command issued by a Web UI. Database security is easier to control at the database level, and you wouldn't have to expose the production dsn on the dev Web server. I can't think of too many examples where you would want to copy production data to development using a ColdFusion Web GUI. I use specialized database tools or scripts, with no UI, when transferring database data between environments. If you really need this ability through a ColdFusion application, then having a password prompt is a bit better than using an embedded password. -Mike Chabot On Sat, Jan 28, 2012 at 4:02 PM, Brook Davies cft...@logiforms.com wrote: Hello, I'm setting up a new environment and I would like to have the ability, through a web UI to copy objects from our production database (separate server) to a development/debugging database (separate server). My question is not about how to implement this but rather whether this is bad practice. It would involve exposing the production database on the dev server (via a datasource mapping in the cfadmin). This would mean that any developer that is using our dev server (my concern is contractors..) would be able to write a query against the production database and potentially download sensitive data. How to people handle this type of risk? One idea I had was to not hardcode the database username/password in the CFadmin and instead prompt for it when accessing this specific tool through the web UI. Does that sound like a reasonable means of protecting the data in the production database from developers working on the development server? Anybody have better ideas? Brook ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349659 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Best Practice question about database access between Dev and Production Servers
just take a copy of the live database and remove all sensitive data from it. either remove all data and replace with demo data, or just run a query that replaces the sensitive data with something else. On Sat, Jan 28, 2012 at 10:15 PM, Mike Chabot mcha...@gmail.com wrote: Putting production data source connections on the development server is a practice you should avoid. I cringe whenever I see developers do this. Having the development DSN on the production server is less risky. Another path would be having the two databases linked at the database level and use database code to copy objects between servers, possibly triggered by a command issued by a Web UI. Database security is easier to control at the database level, and you wouldn't have to expose the production dsn on the dev Web server. I can't think of too many examples where you would want to copy production data to development using a ColdFusion Web GUI. I use specialized database tools or scripts, with no UI, when transferring database data between environments. If you really need this ability through a ColdFusion application, then having a password prompt is a bit better than using an embedded password. -Mike Chabot On Sat, Jan 28, 2012 at 4:02 PM, Brook Davies cft...@logiforms.com wrote: Hello, I'm setting up a new environment and I would like to have the ability, through a web UI to copy objects from our production database (separate server) to a development/debugging database (separate server). My question is not about how to implement this but rather whether this is bad practice. It would involve exposing the production database on the dev server (via a datasource mapping in the cfadmin). This would mean that any developer that is using our dev server (my concern is contractors..) would be able to write a query against the production database and potentially download sensitive data. How to people handle this type of risk? One idea I had was to not hardcode the database username/password in the CFadmin and instead prompt for it when accessing this specific tool through the web UI. Does that sound like a reasonable means of protecting the data in the production database from developers working on the development server? Anybody have better ideas? Brook ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349660 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: Best Practice question about database access between Dev and Production Servers
Generally, it is pretty bad practice to copy production data to any other network. You would most definitely not pass a SaaS 70 audit if they found that you were doing it. You would also not pass the same audit if they found that all of your developers had direct access to that data without going through permission granting hoops. That said, you may not have a need to worry about it if your data isnt really that sensitive in the first place. In which case, I think domain authentication would be the better way to govern the access. When people leave or contracts expire, the removal of their domain accounts would cover removing the DB access. Otherwise, you may find yourself managing the accounts individually for everything or changing the password every time someone leaves. Another option, which Russ mentioned, is scrubbing the data before copying it down to the dev network. Of course, you'd want to do that on the production network BEFORE copying it down to the other network. I have seen people do the scrubbing AFTER the move... which is kind of pointless. Just some things to think about. .:.:.:.:.:.:.:.:.:.:.:. Bobby Hartsfield http://acoderslife.com http://cf4em.com -Original Message- From: Brook Davies [mailto:cft...@logiforms.com] Sent: Saturday, January 28, 2012 4:02 PM To: cf-talk Subject: Best Practice question about database access between Dev and Production Servers Hello, I'm setting up a new environment and I would like to have the ability, through a web UI to copy objects from our production database (separate server) to a development/debugging database (separate server). My question is not about how to implement this but rather whether this is bad practice. It would involve exposing the production database on the dev server (via a datasource mapping in the cfadmin). This would mean that any developer that is using our dev server (my concern is contractors..) would be able to write a query against the production database and potentially download sensitive data. How to people handle this type of risk? One idea I had was to not hardcode the database username/password in the CFadmin and instead prompt for it when accessing this specific tool through the web UI. Does that sound like a reasonable means of protecting the data in the production database from developers working on the development server? Anybody have better ideas? Brook ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349661 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
