I have an enterprise application running that uses both MySQL and MongoDB datastores. My development team all have SSH access to the machine in order to perform application releases, maintenance, etc. I recently raised a risk in the business, when users started storing highly sensitive data on the application, that the developers have indirect access to this data. This caused a bit of a storm, and I have now been mandated with securing the data so that it is not accessible. To me this does not seem possible, because if the application has access to the database then a developer with access to the machine and application source will always be able to access the data. I am sure I am not the only one who has this issue. Please advise me on how this is being done in other corporates.