Comment by dijit
21 hours ago
in my org, devs don’t have access to customer data directly, and sysadmins don’t have access to modify code.
It’s a simple rule from a simpler time, to limit the risk of total compromise.
21 hours ago
in my org, devs don’t have access to customer data directly, and sysadmins don’t have access to modify code.
It’s a simple rule from a simpler time, to limit the risk of total compromise.
Repos should not contain customer data.
Private Repos, in githubs case, might be customer data.
I think this might be more aimed at ensuring that if an attacker gains access to cloud login credentials via a compromised dev machine, those credentials can't then be used to access customer data.