RE: Development Environment Best Practices

From: David (david_at_clicksee.net)
Date: 06/16/05

  • Next message: Jennifer Fountain: "RE: Is it hacking?"
    To: "'Joshua Berry'" <jberry@PENSON.COM>, <security-basics@securityfocus.com>
    Date: Thu, 16 Jun 2005 09:40:08 +0700
    
    

    I did config and release management for 4 years. When I was learning I
    read a lot of Susan Dart but unfortunately the links I had for her are
    now broken...

    Try
    http://www.cmtoday.com/

    If you ever have to work with VSS- horrible tool that I'm embarrassed to
    have worked with:
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnvss/h
    tml/vssauto.asp

    One thing I will say about managing an environment with developers- Be
    strict about getting them to report config changes such as new registry
    entries and updates to drivers or software they implement. We used to
    allow them full control on the dev machines to install or change
    anything they wanted but we would also partially rebuild the machines
    each morning by script including re-writing the registry and
    reinstalling all web pages and dlls so it kept the dev environment clean
    and gave the developers a good reason to report changes they were making
    to us. If they didn't they would most likely go away by the next
    morning.

    Create a backup of everything you are going to replace and put anything
    you're going to release to QA in a release folder and then you will know
    for certain you are releasing the exact same thing to live.

    Find a good resource on "DLL hell" and managing GUIDs. This is another
    reason we compiled everything each morning to reinstall on the dev
    machines. That way older dlls compiled against an older version of a
    recently updated dll don't fail.

    Good Luck!

    -----Original Message-----
    From: Joshua Berry [mailto:jberry@PENSON.COM]
    Sent: Tuesday, June 14, 2005 9:52 PM
    To: security-basics@securityfocus.com
    Subject: Development Environment Best Practices

    Does anyone on this list have any resources for Development environment
    best practices. I am looking for something that explains the need to
    separate the production, testing, and development environments. I also
    need something explaining correct processes for developing and
    implementing code (such as: developers should not administer the
    production servers they install code on, or developers should not have
    full admin rights on all boxes, etc).

    Any help would be greatly appreciated. Thanks.

     
    Josh Berry | CISSP GCIA
    Information Security
    214-765-1296
     
    --------------------------------------------------------------------
    If you spend more on coffee than on IT security, you will be hacked.
    What's more, you deserve to be hacked.
         -- (Former) White House Cybersecurity adviser Richard Clarke


  • Next message: Jennifer Fountain: "RE: Is it hacking?"

    Relevant Pages

    • Re: Is FreeBSD ready for desktop (Mozilla Flash)
      ... To that end, I will happily support Windows developers, ... it doesn't hurt the expert woh wants to use the config files. ... install this automatically when required for a webpage I think this can ... Just shouting that flash is a very useless piece of software is too ...
      (comp.unix.bsd.freebsd.misc)
    • Re: (Off Topic ) Open Source: The Model Is Broken ??
      ... has nothing whatever to do with the software license. ... by third parties, not the developers. ... there are source code archives where you can easily track changes over time and alternate branches of development - for a very small developer base. ... For the much larger user base there is only a choice of 500-page books detailing every obscure config option or the single default config that comes with a distribution. ...
      (Fedora)
    • [PATCH] preset loops_per_jiffy for faster booting
      ... Here is a patch which allows developers or users to preset the ... this code adds a new FASTBOOT menu to the kernel ... config system, where we would like ... is used by many embedded developers for reducing bootup time. ...
      (Linux-Kernel)
    • Re: VS.NET Public Namespaces, classes, Function - Conceptual misunderstanding.
      ... I was able to get everything working by referencing the DLL. ... how would a busy shop with say 10+ developers working ... If not, wouldn't there be DLLs all over the place, and how would other ... DLLs I won't see what namespaces, ...
      (microsoft.public.dotnet.framework.aspnet)
    • IDE leaving open handles to referenced DLLs
      ... We have a directory on a fileshare with our most recent built DLLs. ... Developers point the reference path at this directory when developing. ... the IDE has been sporadically leaving file handles open to some of ... the DLLs appear with an open mode of "no access" -- not sure ...
      (microsoft.public.vsnet.ide)