Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
Please note that I'm not trying to shit on you.
If you seem to be responsible for this stuff, why, in the first place, they were allowed to try to interface with infrastructure in the first place, much less deploy their own infrastructure.
I mean, I get shortcuts are taken, but if you are preoccupied with certifications, maybe this is a valid concern? -
@CoreFusionX oh that's easy. I'm the new hire!
I'm not in charge of this stuff per say, but I replaced another DevOps (honestly just ops) guy who didn't think of these things.
This is a client's infrastructure, and they've gotten the client in trouble with SOC2 audits in the past and are on their last leg. -
@lungdart hooooleeesheit!
Who fucking does that?! Like seriously, where would one do that?
There's so many places to host it, so like what URL? -
@sariel it's totally safe, you're not whitelisted!
-
👍 for contacting the CTO
It’s sometimes not about shaming individual teams but to make the higher ups realise that they need to clarify that even if teams feel stressed out over time constraints: the business would rather have the deadline fail than to cut corners with security like this
Besides a lacking respect for security some teams might feel they lack authority to say no when stakeholders demand a tight deadline, and will cut every corner to appease their supposed overlords -
@jiraTicket bingo.
I've noticed many engineers are too shy to say no, and try to work all night to get it done, and still fail
If it's not happening by the deadline, the sooner people know the better -
-
@netikras 127.0.0.1 of course
-
@netikras don't worry it's safe. The IP was given by AWS, and they wouldn't compromise us with a bad IP! /s
-
@alexbrooklyn or was it 127.1 instead :D you know to save characters or smth
-
-
Smart Contract Audit Company helped me identify a critical flaw in my smart contract that could have led to a major security breach. Your team was quick to respond and provided me with a comprehensive report that allowed me to make the necessary changes. I am grateful for their expertise and highly recommend their services https://definme.com/ to anyone looking to secure their smart contract.
Data scientist: we need to whitelist a pod to connect to a database
Me: Whitelist? We don't use whitelists on private databases
DS: It's the new data warehouse database
Me: is it on <X> VPC?
DS: I'm not sure what that means but its ip is <real world ipv4>
Me: Are you hosting a publicly accessible database with all our end users information?!
DS: ...
Me: There goes our SOC2 audit controls...
DS: how long until you can white list it?
Me: I won't be whitelisting it. You need to put it on a private VPC and peer with the cluster, you'll have to rebuild all the Terraform and redeploy
DS: We didn't use Terraform because it takes too long, just white list the pods IP.
Me: No. I'm contacting the CISO and CTO...
rant