4

Today I found what looked to be my supervisor's password in some code in version control. The password is to a database. He is very experienced and has explained before how to avoid having passwords in the source code.

How should I handle this situation? Is there a best practice about preserving evidence of a security flaw, or should I remove such data as soon as I see it?

Even if I remove the data in the current revision, there's still the revision history. Should I just alert my supervisor instead?

Frames Catherine White
  • 894
  • 6
  • 18
  • 2
    This is not programming specific. – Oded Feb 08 '12 at 14:40
  • I agree with Oded - this situation could apply in any line of work where you deal with sensitive data. The solution is to have a private chat with him, asking for assistance with clearing it up. – ChrisF Feb 08 '12 at 14:43
  • 1
    I thought version control, was kinda programming specific. Like version control adds an extra leval of complication -it can't simply be deleted. Is there a "Dealingwithsensitive data.Profesionals SE"? – Frames Catherine White Feb 08 '12 at 14:48
  • @Jarrod Nettles. Thanks for cleaning my question up. So much better now. I was really rambling quiet badly – Frames Catherine White Feb 08 '12 at 14:48
  • @Oxinabox I figured there was a good question in there - it just needed a little help. :) Honestly - go talk to your supervisor right now. – Jarrod Nettles Feb 08 '12 at 14:50
  • 1
    Oxinabox "dealing with sensitive data" is possibly on topic, but your question is focused on how (and if) to approach your boss, which has nothing to do with software development. – yannis Feb 08 '12 at 14:54
  • Seriosly there must be a SE where this question is on topic. Can someone point me there? – Frames Catherine White Feb 08 '12 at 14:59
  • Unfortunately there isn't a Stack Exchange site where your question would be on topic. There is however an Area51 proposal, [The Workplace](http://area51.stackexchange.com/proposals/30887/the-workplace?referrer=eeaqg1pbrZqJS6wd42Y-3w2), where general workplace questions would be fine. Support the proposal and help it grow into a full site soon! – yannis Feb 08 '12 at 15:15
  • 2
    Since this is closed I can't post this as an answer, but just ask him what the password is for. Don't point out that the password was entered by him since that will put him on the defensive. Let him realize that it was something he shouldn't have done on his own. If he doesn't suggest removing it himself after realizing it's the database password, ask him if he thinks you should remove it. I'm not that familiar with version control, but you can also ask if it can be permanently deleted from all revisions, and if not you can also suggest changing the password. – Rachel Feb 08 '12 at 15:34
  • 2
    Perhaps you can rephrase the question so it is asking what you should do when you find sensitive data in your version control, rather than being a question on how to confront your boss about something he/she did wrong. If you do, flag it for moderator attention and they'll reopen it if it meets the guidelines in our FAQ. See [this chat log](http://chat.stackexchange.com/transcript/message/3320610#3320610) for some examples – Rachel Feb 08 '12 at 19:38
  • Even with the latest revisions, it was still very much a "How do I deal with my boss?" question, which isn't on-topic here. I've revised it some more to be specifically about how to deal with sensitive data found in version control, like @Rachel suggested. –  Feb 08 '12 at 23:50
  • Wow, this question has been editted into something relivant. Kudo's to the mods. -I asked him about it, he took alook and was basically, "Huh, well that password is ancient." So i simply deleted it from the file (replaced it with a empty string and checked it back in. (the companant was no longer in use, possibly could have deleted it) – Frames Catherine White Feb 09 '12 at 12:43

2 Answers2

3

All version control systems I am aware of have some form of "obliterate" capability that allows you to remove data permanently. This is normally not something you want to do lightly as it inevitably involves rewriting history. Most version control systems in fact restrict this ability to administrators or at least to users with direct access to the central repository. In a distributed version control system like git, this is complicated by the fact that many people may have clones of the repository and therefore copies of the sensitive data. If you cannot guarantee that all copies are destroyed, you have a problem.

Some general advice from an SCM pro: As a matter of policy I won't use any "obliterate" equivalent unless requested to do so by the company's legal department. This is because, as I said, you are rewriting history, and the history of the code in your repository can be considered legal evidence in some cases. I probably would recommend not removing a password as a password can be changed.

In your particular instance, I would strongly recommend that you not do anything without talking to your supervisor, even if you do have the access or the knowledge to remove the password. Messing around with the history in your repository is not something you should be doing on your own authority.

ebneter
  • 436
  • 2
  • 4
0

Remove the reference from the code, as it's not safe.

Communicate to him that his current password has become compromised listing the reason.

Have him change it and tell everyone coding this should never happen again.

linkerro
  • 687
  • 3
  • 9