undefined | Better HN

0 pointsHamuko5y ago0 comments

Just how in the world are people deploying Django apps with DEBUG = True?

0 comments

Simple, human error and no code review process for your production environment.

Something similar happened to a huge retailer here in Austria where just typing your username without password would log you in. Reason? An intern committed debug code to production and nobody noticed. In my book that's not the fault of the intern but the fault of the CTO/$TECH_LEAD that hasn't implemented and religiously uphold a code review process for everything that goes into production since stuff like this could happen even to experienced engineers that are tired or having a bad day.

kernaussage5y ago

I live in Austria as well, could you share to which retailer it happened?

1 more reply

jbverschoor5y ago

It shouldn’t be a manual code switch in the first place.

ummonk5y ago

What else would it be? The authentication code would live somewhere. And for debugging someone could change it to always return successful for an empty password. That debugging change shouldn't be checked in of course, and it should have been caught in code review. (It's a reasonable oversight for the authentication unit tests to only test incorrect passwords rather than the edge case of empty passwords)

1 more reply

jfkebwjsbx5y ago

It is the fault of both.

Interns are not stupid and so they have to carry the burden of their mistakes too.

kortilla5y ago

No, absolutely not. As an engineer you develop systems and processes that don’t allow such major mistakes.

You can’t fault people for making simple mistakes or you’ll end up with an organization where nothing gets done.

1 more reply

whatch5y ago

That can happen when maintainers are professional scientists rather than professional web developers

update: added "professional" before "scientists"

HamukoOP5y ago

But you'd think they're still reading through Django's deployment documentation which explicitly states that you don't run DBEUG = True in production.

acdha5y ago

I used to support scientists. I would not expect that unless you got the documentation published in a high-profile journal.

1 more reply

j / k navigate · click thread line to collapse

0 comments

ChuckNorris895y ago

Simple, human error and no code review process for your production environment.

kernaussage5y ago

I live in Austria as well, could you share to which retailer it happened?

1 more reply

jbverschoor5y ago

It shouldn’t be a manual code switch in the first place.

ummonk5y ago

1 more reply

jfkebwjsbx5y ago

It is the fault of both.

Interns are not stupid and so they have to carry the burden of their mistakes too.

kortilla5y ago

No, absolutely not. As an engineer you develop systems and processes that don’t allow such major mistakes.

You can’t fault people for making simple mistakes or you’ll end up with an organization where nothing gets done.

1 more reply

whatch5y ago

That can happen when maintainers are professional scientists rather than professional web developers

update: added "professional" before "scientists"

HamukoOP5y ago

But you'd think they're still reading through Django's deployment documentation which explicitly states that you don't run DBEUG = True in production.

acdha5y ago

I used to support scientists. I would not expect that unless you got the documentation published in a high-profile journal.

1 more reply

j / k navigate · click thread line to collapse