Staging/production DB and capabilities


Pierre Thierry

Jan 5, 2022, 5:17:54 AM
to cap-talk
Hi,

At my job, we're currently building several web services that can be accessed through URL capabilities. Some of those are kept in custom fields in our ERP, like in the user object when that user has some authority to trigger something.

I realized that this is a problem when I dump the production DB to inject it into my staging ERP, if the URLs point to the production services.

I guess one solution would be that all capabilities are in the form http://service:9876/IUSmPnd6x8J-cE_bLgrG6w . Then I can have "service" in my /etc/hosts and point wherever I want.

Is this something others have encountered? Any advice?

Alan Karp

Jan 5, 2022, 2:49:23 PM
to cap-...@googlegroups.com
I have attended several talks about both accidental and malicious events caused by this process.  Typically, somebody forgets that the pointers are to the production database.  In your case that might be forgetting to add a new service to your /etc/hosts or not even knowing that a new service exists.  The general advice from these talks is to have a completely separate test environment with different addresses from the production one.  The speakers are aware of the cost, but balance that against the disaster that can result.

--------------
Alan Karp
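
Added example, not part of any message in this thread: a pre-import check for the failure mode described above, where a production dump carries a capability URL for a service nobody remapped. The host allow-list, the token pattern (16 or more URL-safe characters, like the URL in the first message) and the sample dump are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the only hosts a staging import may reference (hypothetical names).
STAGING_HOSTS = {"service", "localhost", "127.0.0.1"}

# Assumption: a capability URL is host[:port] followed by one unguessable
# path token of 16+ URL-safe characters.
CAP_URL = re.compile(r"https?://[^\s'\"/]+/[A-Za-z0-9_-]{16,}")

# Constructed sample dump: one remapped capability, one production
# capability, one ordinary URL that carries no authority.
SAMPLE_DUMP = """\
INSERT INTO users VALUES (1, 'alice', 'http://service:9876/IUSmPnd6x8J-cE_bLgrG6w');
INSERT INTO users VALUES (2, 'bob', 'https://billing.prod.example/Zk3vQ9aTt0mYb2LxWc7RdA');
INSERT INTO users VALUES (3, 'carol', 'https://example.org/about');
"""

def find_foreign_capabilities(dump_text, allowed_hosts=STAGING_HOSTS):
    """Return (line_number, host) for each capability URL outside the allow-list."""
    findings = []
    for lineno, line in enumerate(dump_text.splitlines(), start=1):
        for match in CAP_URL.finditer(line):
            host = urlsplit(match.group(0)).hostname
            if host not in allowed_hosts:
                findings.append((lineno, host))
    return findings

def redact_foreign_capabilities(dump_text, allowed_hosts=STAGING_HOSTS):
    """Strip the secret token from capability URLs outside the allow-list,
    so the production authority never reaches the staging database."""
    def _redact(match):
        parts = urlsplit(match.group(0))
        if parts.hostname in allowed_hosts:
            return match.group(0)
        return f"{parts.scheme}://{parts.netloc}/REDACTED"
    return CAP_URL.sub(_redact, dump_text)

if __name__ == "__main__":
    # Fail closed: refuse the import while any unknown host is present.
    foreign = find_foreign_capabilities(SAMPLE_DUMP)
    for lineno, host in foreign:
        print(f"line {lineno}: capability for non-staging host {host}")
    raise SystemExit(1 if foreign else 0)
```

Because the check is an allow-list, a service that was added to production but never mapped for staging is reported instead of silently imported.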



Raoul Duke

Jan 5, 2022, 2:55:24 PM
to cap-...@googlegroups.com
firewall rules so test can't hit prod.