4
Matt-1
8y

Stupidly tested some SQL on development to return results for an admin (see the whole results) and stupidly didn't test the where clause for generic users (only see a subset of data).

To find out on production the where clause was being run because it wasn't a where, it was an 'and', and 'where' was not being used before, so it made all the users get the entire results.

My own fault for not testing all use cases. Horrible though.

Comments
  • 0
    I always copy from prod to dev before running tests like this. My horror scenario is that I mix up the servers and run a drop db on prod. :-|
  • 1
    This is exactly the reason why developers should NEVER have access to Production. No exceptions.

    Get a fresh copy of the database from Production and restore it to a different database overnight, then sanitise any sensitive data.