BDSM, LGBTQ+, and sugar dating apps have been found exposing users’ private images, with some of them even leaking photos shared in private messages.
BDSM, LGBTQ+, and sugar dating apps have been found exposing users’ private images, with some of them even leaking photos shared in private messages.
The production database gets down-synced to the lower environments on demand, so they can test on actual production datasets. That would require us to manually remake this user account every time a dev down-syncs the database to a lower environment.
The customer is paranoid, as the project is their public facing website, so they want testing against the actual prod environment.
We don’t mange the SSO, as that is controlled by the customer. The only local (application specific) account is this account for testing.
That sounds fine? Just add it to the script when down-syncing. Or keep auth details in a separate DB and only sync that as needed (that’s what we do).
That’s the main problem then, not this testing engineer. We do test directly on prod, but it’s not our QA engineers doing the testing, but our support staff and product owners (i.e. people who already have prod access). They verify that the new functionality works as expected and do a quick smoke test to make sure critical flows aren’t totally busted. This covers the “paranoid customer” issue while also keeping engineers away from prod.
Maybe you’re doing something like that now, idk, but I highly recommend that flow.
We resolved it by making him use pipeline vars for his scripts. Like we told him to do in the beginning.
He fought it because he wanted his scripts the same for all projects. Including hard coded usernames and passwords. So, it was mostly his fault.
Ah, makes a ton of sense. We do the same, basically use a
.envfile for local dev and OPs overrides the vars with whatever makes sense for the environment.Yeah. Since he was a subcontractor, he wanted all his scripts to be the same, no matter who the customer was.
I was like jesus christ, I’m lazy too and want to automate everything, but edit your stupid scripts to use env vars.