
This is bad advice. If you accidentally leave personally identifiable healthcare information on some random stage server and that server gets hacked, that is a federal crime. If the data and application code are very intertwined (likely in a pre-SOA era), it can be very difficult to version control code completely isolated from PII.


> If you accidentally leave personally identifiable healthcare information on some random stage server and that server gets hacked, that is a federal crime.

Not sure how that relates to Version Control? I personally don't put production (real) data on staging servers to begin with; always scrub your production clones or generate data for testing instances.

> If the data and application code are very intertwined (likely in a pre-SOA era), it can be very difficult to version control code completely isolated from PII.

Maybe I am naive (never had to work on DOS), but shouldn't the data be in a database/datastore/data directory that can be ignored by source control?


Huh? Why would the code have medical data in it?


If you were to take an API response and save it for testing, but not completely remove all personal information.

Easier than you'd think, or at least I could see it happening.
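The failure mode described in the comment above (an API response saved as a test fixture with personal data only partly removed), as an added example that is not part of the thread: a scrubber that redacts by field name and also by value pattern, because free-text fields are where name-based scrubbing leaves data behind. The field names, patterns and sample response are assumptions constructed for illustration.

```python
import re

# Assumed field names; a real API's schema will differ.
SENSITIVE_KEYS = {"name", "ssn", "dob", "email", "phone", "address", "mrn"}
# Value patterns catch PII hiding in free-text fields that the key list misses.
VALUE_PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "phone": re.compile(r"\b\d{3}[-.]\d{3}[-.]\d{4}\b"),
}
REDACTED = "[REDACTED]"

def scrub(node, path="$", hits=None):
    """Return (scrubbed copy, list of JSON paths that were redacted)."""
    hits = [] if hits is None else hits
    if isinstance(node, dict):
        out = {}
        for key, value in node.items():
            child = f"{path}.{key}"
            if key.lower() in SENSITIVE_KEYS:
                if value != REDACTED:  # already-scrubbed fields are not new hits
                    hits.append(child)
                out[key] = REDACTED
            else:
                out[key], _ = scrub(value, child, hits)
        return out, hits
    if isinstance(node, list):
        return [scrub(v, f"{path}[{i}]", hits)[0] for i, v in enumerate(node)], hits
    if isinstance(node, str):
        cleaned = node
        for label, pattern in VALUE_PATTERNS.items():
            cleaned = pattern.sub(f"[{label.upper()}]", cleaned)
        if cleaned != node:
            hits.append(path)
        return cleaned, hits
    return node, hits

def residual_pii(node):
    """Paths that still look like PII; an empty list means the fixture passes."""
    return scrub(node)[1]

# Constructed sample response, not real data.
SAMPLE = {
    "patient": {"name": "Jane Doe", "ssn": "123-45-6789", "visits": 3},
    "notes": ["Call 555-867-5309 or jane@example.com to confirm."],
}
```

Running `residual_pii` over every fixture file in a pre-commit hook or CI step turns a missed field into a failed check rather than a committed record; pattern matching of this kind only covers the formats it was written for.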



