View Single Post
  #3  
Old January 30th, 2015, 11:28 AM
kalidas's Avatar
kalidas kalidas is offline
Super eCharchan
 
Join Date: May 2012
Location: Caves of Karakoram
Posts: 3,494
kalidas has a reputation beyond reputekalidas has a reputation beyond reputekalidas has a reputation beyond reputekalidas has a reputation beyond reputekalidas has a reputation beyond reputekalidas has a reputation beyond reputekalidas has a reputation beyond reputekalidas has a reputation beyond reputekalidas has a reputation beyond reputekalidas has a reputation beyond reputekalidas has a reputation beyond repute
Re: Poorly designed corporate sites

Quote:
Originally Posted by sarv_shaktimaan View Post
wow! looks like a case of bad production release.
  • A Production defect needs to be raised with critical priority
  • a RFC (Request for Change) will need to be logged with the Change Management team
  • VP's approval needs to be sought for a same day fix.
  • Ensure the admin team is made aware of the work coming their way during off-hours.
  • Fish-bone RCA (root cause analysis) is generally recommended when such lapses happen.
  • Audit teams will be interested in a summary of this mishap.
P.S. Good luck explaining to the VP how this was missed in QA and production release validation.
I don't think there is time for an RFC.

They need to open a incident ticket and issue the developers emerids.

There is a major loophole in their authentication / authorization framework. I'm guessing that the files reside on a separate framework and the network guy decided to open up port 80 to the world, since the referencing app was in the dmz. This is clearly shitty architecture.

They need to move the file server behind the DMZ. Webserver and app server teams need to make config changes. The app needs to make config changes. This is a mess I tell you.
__________________

Reply With Quote