by krisoft 1644 days ago
> yeah they're the developers they could always do that even without the password

Not really. Obviously Facebook the company can always access your data. Whether or not an individual developer can do the same, which developers can do it, how they can do it, and under what level of supervision this would be is a design choice.

It is possible to design a system with a very high level of security and ones with none too. As with any design considerations it has trade-offs. A super secure system might introduce dev and operational frictions which the company might deem unacceptable. But even with that consideration the question is a lot more complicated than a simple “yeah they’re the developers”.

3 comments

Sadly, "yeah, they are the developers" applies far more often than any other scenario.

Unless a business is heavily regulated and checked for compliance, the burden and friction introduced by developer access controls to the data of the software they write is anecdotally not seen as a positive investment in any company I've seen the internals of.

Just assume every engineer has access to everything. From a client perspective that's how you have to treat it.

There are so many zero days in regular consumer software, just imagine how many are in closed source public facing Amazon services.

Now multiply that by 100 to get the number of zero days that probably exist in Amazon's closed source dev only back end environment.

> Just assume every engineer has access to everything.

Wise rule to live by. I would certainly advise everyone to assume that.

On the other hand geek_at was talking about a slightly different thing. They were talking about how the media criticised FB for having too lax controls on private information. geek_at even called it an "outrage".

We can and should absolutely ask platforms to do better while at the same time playing it safe ourselves with the data we control. There is no contradiction there.

There is another layer in which it feels we are talking past each other. You mention zero days, and yes those are a thing and yes an insider is in an excellent position to find them and exploit them. Finding them and patching them is a good idea for sure. (For many reasons.) But the FB thing mentioned wasn't about an exploited zero day. It was a company sanctified system and associated work practices. We can demand that a company develop better practices (where not every engineer needs this high of a level of access to do their job) without expecting them to find and patch every single vulnerability.

Not at Amazon, but I've def written internal-only-and-never-used-outside-of-team-type-tools that have obvious security issues, just to let non-devs get things done.

> Whether or not an individual developer can do the same

This was early-early Facebook. Like under 10 developers back in the day. But obviously today a Facebook frontend developer should not and probably has no access to the database.