This discussion is archived
3 Replies Latest reply: Mar 18, 2013 12:09 PM by sb92075

Agile Development vs Security

user451633 Newbie
Increasingly, some places I work at have a very strict and restrictive setup around Oracle development and test databases and servers.

They seem to think that so long as people have TOAD/SQL*Developer, that is it.

The dev/test databases tend to be neglected as the DBA teams are "too busy" with production systems.

Developers who need to implement some new feature, or investigate performance issues, are often left up the proverbial without a paddle. Obtaining the tkprof trace file is a pain (raise request), then if you want to reformat the tkprof with some different options you have to raise another request, by which time the DBA is now fed up at having to do his job.

Then we have the old deployment scripts for implementing project releases - how can you build in things like checking all users have been kicked off, checking there are no locks/open cursors on objects you are going to change? Builds and deployments need to be tested regularly, but if you have to secure a DBA resource to do it then that restricts this activity.

Thankfully most places I have worked either trust their developers up to a point on the development and some test rigs, then apply more rigour as the project progresses up the chain. This is reasonable.

The other approach that works well is to have 1 or 2 Development DBAs embedded in the team.

But, not allowing DBA access at all, and not having ready access to a DBA who understands the project goals/requirements and what the developers are trying to achieve is a new one on me.

I would welcome comments on whether I am wrong to think like this, or whether this really is a stupid policy implemented by people who never actually get to see their policies in action.
  • 1. Re: Agile Development vs Security
    sb92075 Guru
    994566 wrote:
    Increasingly, some places I work at have a very strict and restrictive setup around Oracle development and test databases and servers.

    They seem to think that so long as people have TOAD/SQL*Developer, that is it.

    The dev/test databases tend to be neglected as the DBA teams are "too busy" with production systems.

    Developers who need to implement some new feature, or investigate performance issues, are often left up the proverbial without a paddle. Obtaining the tkprof trace file is a pain (raise request), then if you want to reformat the tkprof with some different options you have to raise another request, by which time the DBA is now fed up at having to do his job.

    Then we have the old deployment scripts for implementing project releases - how can you build in things like checking all users have been kicked off, checking there are no locks/open cursors on objects you are going to change? Builds and deployments need to be tested regularly, but if you have to secure a DBA resource to do it then that restricts this activity.

    Thankfully most places I have worked either trust their developers up to a point on the development and some test rigs, then apply more rigour as the project progresses up the chain. This is reasonable.

    The other approach that works well is to have 1 or 2 Development DBAs embedded in the team.

    But, not allowing DBA access at all, and not having ready access to a DBA who understands the project goals/requirements and what the developers are trying to achieve is a new one on me.

    I would welcome comments on whether I am wrong to think like this, or whether this really is a stupid policy implemented by people who never actually get to see their policies in action.
    What stops you from having your own sandbox Oracle DB inside of a VirtualBox system?
  • 2. Re: Agile Development vs Security
    user451633 Newbie
    Good suggestion SB. One that I put forward already but "they" (the ones that make up policy) don't like it.
  • 3. Re: Agile Development vs Security
    sb92075 Guru
    994566 wrote:
    Good suggestion SB. One that I put forward already but "they" (the ones that make up policy) don't like it.
    It is easier to ask forgiveness than permission.
