
You're both right.

If the dev team needs something like ngrok, the security team has failed to provide proper tools.

If the dev team goes ahead and uses ngrok without consulting the security team, the dev team has likely committed an awful security breach.

The dev team and the security team need to think of each other as being on the same team, and talk to each other every day about what they want and need.



Pretty sure a lot of people using this don't even have a "security team." They likely have corporate IT that takes 2 weeks to add a DNS entry. Something complex like mapping a public IP to a dev server would take an act of $DEITY.


so register a new domain and set it up in route53? is there some corporate law that says you can't?

just don't use your company's name in the domain name, make it something obscure.


Agreed. I personally don't have this problem. I have all my externally accessible dev servers on AWS. However, others are not so lucky.



