[ajug-members] Do Developers need Administrator rights

Dean H. Saxe dean at fullfrontalnerdity.com
Thu Dec 21 11:50:31 EST 2006 

Not to start a religious war, but Linux has its own challenges with  
security which should be considered too.  (Yeah, I'm no fan of  
Windows either, I prefer my Macs and will soon be running Windows  
under VMWare so I can get rid of the Dell laptop.)

-dhs


Dean H. Saxe, CISSP, CEH
dean at fullfrontalnerdity.com
"Great spirits have often encountered violent opposition from weak  
minds."
     --Einstein


On Dec 21, 2006, at 11:39 AM, Paul Bemowski wrote:

> Consider Linux.  It is a great platform to develop on, especially  
> if a company
> embraces it (which will be an uphill battle with windows corp  
> securty types).  Much
> less malicious software to deal with, but developers must be  
> familiar with it.
>
> I also know people who have had success using Linux in VMWare on  
> windows to develop.
>  I prefer Windows in VMWare on linux to access mail.
>
> Paul
>
> --- tooger at bellsouth.net wrote:
>
>> Fellow Developers
>>
>> I need your input on the topic of administrator priveleges. The  
>> public network is
>> a dangerous place. To protect the interests of the business, a  
>> network
>> administrator has to put in place significant defenses. One of  
>> these defenses is
>> to impose a policy that restricts a user from installing whatever  
>> they want onto
>> their desktop/laptop.
>>
>> In the Windows world, this typically means that the user has no  
>> administrator
>> priveleges. This policy works well for the typical user and  
>> certainly prevents
>> them from installing all sorts of rubbish on their corporate  
>> desktop exposing the
>> business in many different ways. The larger the company, the  
>> greater the risk, the
>> more restrictive the policy. I have found though that this policy  
>> doesn't work too
>> well for Developers (or is it just me).
>>
>> Developers need to be able to install versions of tools and  
>> products at will. At
>> times, they may need to have access to the registry. They may need  
>> to install and
>> run desktop editions of some pretty advanced software e.g. Oracle  
>> XE or SQL Server
>> 2005 Express as part of building their development environment.  
>> Trying to do our
>> jobs without Administrator priveleges is like being forced to  
>> paint a room with a
>> toothbrush and your hands tied behind your back. (Of course, I  
>> would say the
>> Windows security model is the root issue - can I do sudo in Windows?)
>>
>> However, I also recognise the need for a network administrator to  
>> secure the
>> network.
>>
>> What is the solution to providing a flexible development  
>> environment for
>> developers without exposing the network? One solution may be to  
>> have a dedicated
>> development network separate to the corporate network. What are  
>> your thoughts on
>> this solution? What about other solutions (virtual environments)?  
>> How do you cope
>> with such restrictive policies (personally, I've had to resort to  
>> using my own
>> laptop and private network at work)?
>>
>> Jason
>>
>> _______________________________________________
>> ajug-members mailing list
>> ajug-members at ajug.org
>> http://www.ajug.org/mailman/listinfo/ajug-members
>>
>
> _______________________________________________
> ajug-members mailing list
> ajug-members at ajug.org
> http://www.ajug.org/mailman/listinfo/ajug-members
>

More information about the ajug-members mailing list