Re: Application Admins with Local Admin on Servers
- From: Ansgar -59cobalt- Wiechers <bugtraq@xxxxxxxxxxxxxxxx>
- Date: Wed, 11 Jul 2007 21:29:19 +0200
On 2007-07-09 Megan Kielman wrote:
I am trying to get a feel for what other companies do with regard to
application developers needing local admin privileges on servers. I am
specifically working in a Windows environment but believe that the
same principles would apply in any environment. Here are my questions:
Do you grant admin privileges to application developers?
On production servers? No.
Developer workstations are located in a separate network segment, and
each developer has admin privileges on his own workstation. I addition
to that there are servers for testing purposes in the developers'
network segment. Developers have admin privileges on these servers, too.
The transition developer server -> production server is done by system
administrators, with the assistence of the respective developer(s)
whenever needed.
If not, do you grant them specific access or do you take care of the
work for them?
No.
I do understand that it is a violation of separation of duties to
allow application developers to have local admin or root on systems, I
am simply try to get an idea of what the rest of the community does in
practice.
Properly separate the duties.
Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
- References:
- Application Admins with Local Admin on Servers
- From: Megan Kielman
- Application Admins with Local Admin on Servers
- Prev by Date: Re[2]: Why TCP is more secure than UDP?
- Next by Date: RE: Application Admins with Local Admin on Servers
- Previous by thread: Re: Application Admins with Local Admin on Servers
- Next by thread: RE: Application Admins with Local Admin on Servers
- Index(es):
Relevant Pages
|
