So I’ve been thinking a lot of late about machines, exploits and how to stop this sort of thing. I’ve been in situations where developers have created “stuff” on production machines and then left the company. The problem then becomes interesting if that code does not work with an up dated version of the software say wordpress, drupal or the operating system.
Your then in a situation (if the machine is a web server or open and avalible on the net) where about the only thing you can do is lock down the firewall and harden the old un patched OS and hope that no one finds a way in / attackes the machine.
It’s always good to have at least 2 people who understand custom code in any company especially if you have a number of web servers to mange. But even then re building something and re creating that functionality is not always easy – and management need to be aware of the fact that this will take time and cost money.
So if that keen shiney developer comes along one day promising you a widget that will sell your own grandmother and only cost you a few hundred bucks worth of con-sultant fees, my advice is to run screaming from the room.
The up shot I’m trying to put to you?
Have the ablity to own your own code – because if you don’t and if it gets hacked or is found to be vunerable it’s going to cost you!
A simple approach is best – easyer managemet and long term savings.
Maybe grandma isn’t so bad after all!