A story from 2017: you work as the lead developer at an agency and are responsible for about 300 projects of various sizes that the company has developed over that period. Most of them are simple Nette applications with up to 10 templates, a few forms and a few database tables. Nothing fancy. You don't know that much about the projects, because each one was developed by a slightly different vendor, people rotate in and out of the company, and you're hoping to keep things running somehow. Because the company does a lot of cost optimization, it hosts around 50 projects on a single server at a time.
Suddenly, a project manager comes running to you saying that one of the important client sites has stopped working. Instead of the real site, you get a black screen with text announcing that the site has been hacked and that the attacker has access to the entire server.
Once again, you don't (and realistically can't) know that much about the architecture and contents of the projects, and many other projects run on that same server. The project manager is pushing you to get the site working again, yet you don't know the scope of the attack, how far the attacker has gotten, or whether backdoors were left behind in the past.
How do you decide?
Jan Barášek
The author of this article works as a senior developer and software architect in Prague. He designs and maintains large web applications that you know and use. Since 2009 he has gained extensive experience, which he passes on through this website.