Hacker News

I suspect the point being made was that Joe First Line Support Guy shouldn't generally have arbitrary access to your database either. If you're handling sensitive information, including almost any personal data, then generally the number of people with root/admin/open access to the relevant systems should be minimal and tightly controlled, and everyone else should have controlled-by-need access through their own front-end.

Organisations (usually relatively small ones) where everyone can be root or access any user's file in the database so they can Get Things Done sound great, right up until the point where it turns out you hired the wrong person, they did something naughty with your database, and your whole organisation and/or its executives personally are sent to live in legal/regulatory hell for months/years/ever.



