Hacker News new | ask | show | jobs
by wpietri 4515 days ago
I'm not quite understanding the problem.

Normally, I run unit tests on my dev box; presumably your sysadmins don't care about that. I also run them on a special-purpose CI server. None of these machines are accessible to the outside world. I would never put the the unit test code in a place where it could be triggered by regular users or the general public.

Is that how you're setting it up? If so, what is the sysadmin worried about?
1 comments
jbrowne 4515 days ago
Thanks for responding! Currently running Jasmine on local dev box, yes that's cool, sysadmin not concerned about that.

We don't have CI server. We have a dev server that is currently exposed to the world, our production server is separate. If Jasmine installed on the dev server a SpecRunner.html that triggers the unit tests on that dev server could be accessed by anyone if they knew the url.

This is what the sysadmin is concerned about. Would you say it's best to either 1. just run the unit tests locally as we don't have CI server set up or 2. Hide our dev server from the outside world and then it would be ok to run the unit tests on it?

Hope that helps to clarify?

link
barylen 4514 days ago
Your dev server shouldn't be accessible to the public. If you want a server to be accessible to the public that isn't your production server (which is valid), you should be doing things as similar to production as possible (not running tests on it).
link
jbrowne 4514 days ago
Thanks barylen for the response! Totally get what you're saying, could you expand a bit on why?
link
wpietri 4514 days ago
I agree with barylen. Dev should never be visible. For the general reason that the default is "hidden". You make specific exceptions for the small number of things you want people to see.

There are a lot of reasons for that, but for me the two big reasons are good user experience and good security. You get a good user experience by carefully controlling what people see and making sure that's polished. You don't want to have to think about them stumbling across things that aren't for them. And good security requires minimal attack surface. You don't give naughty people anything to abuse that you don't have to.

link
jbrowne 4514 days ago
That all stands to reason, thanks for the input wpietri.
link