
How to prevent programmers from accessing core code in large companies?

WBOY (original), 2016-07-06 13:52:00

For a company like BAT: suppose I am a programmer who has just joined, and the company wants me to build a special module that needs to be integrated and tested once it is completed. This special module requires user login, so the Passport module must be included. There must be some encryption algorithms, private keys and other information in the source code of that module. We young programmers cannot see the code inside. So how do we actually test it? How do they ensure the security of their core business code?

Reply content:


Large companies generally turn passport into a service. You can only see the interface, not the implementation~

Just give you a packaged dll and header file
The dll has removed the symbol table and you can’t see the source code
Where can you compile the dll with the header file (or the exported static file lib)? You can also see the source code

I don’t know why this was downvoted
Can’t programmers nowadays distinguish between compilation and external services such as RPC calls?
As far as I know in BAT, most of the core code of T/B is C, because the real-time performance is better, and the main force of A family is Java.

Using C as the core has several benefits and essential scenarios

1) Games, graphics and image rendering: imagine a game that is stuck for 50ms during play, and how painful it is to lose frames frequently.
2) Real-time calls: imagine that in the process of navigation, the vehicle speed is 100 kilometers, the server side GCs, and the data is delayed by 100ms before sending; how painful that is.

If you know C, you will know what I mean.

Most of the kernel is written in C, and the intellectual property rights are well protected. Think about how you made an Android App without JNI and was reversed by an opponent in minutes.

The same goes for the encryption algorithm. Remote calls and services are only used in non-quasi-real-time situations. Those that are sensitive to data must be compiled with header files and libraries

Large companies are not afraid that programmers will come into contact with the core code. Some of the core code you think of may not be highly confidential within the company's confidentiality level. What they pay more attention to is serialized management regulations.

1. Slightly larger companies will have a complete set of standardized permission control management. There are corresponding regulations for your level, what code you can download, and what libraries you can connect to.

2. You will be asked to sign confidentiality agreements and the like, right? Fire prevention, theft prevention and commercial espionage, the agreement is only part of it, the real secrets are in the hands of the Enterprise Development Department (similar department).

3. Regarding the module you mentioned in development, if it is of the C series, it is the same as what the innocent classmate above said. I will give you a dll or lib and you can compile it and play with it yourself. In the case of Java, these modules will be encapsulated into services, or built into SaaS or PaaS. You can call them yourself. Generally, medium and large companies will use this type of development platform.

It is recommended to take a look at RPC. Large companies will definitely strip off each module and use RPC to call between modules. When calling, you do not need to care about the internal logic of other modules, and you cannot see the code of other modules.
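The service boundary described in the replies above (passport as a service, modules calling it over RPC), as an added example that is not part of the original thread: a minimal passport service built on Python's standard-library XML-RPC keeps the HMAC signing key inside the service, and the feature module can only call `verify`. The method names, token format and test credential are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import threading
from xmlrpc.client import ServerProxy
from xmlrpc.server import SimpleXMLRPCServer


def start_passport_service():
    """Passport side: the signing key exists only inside this closure."""
    key = secrets.token_bytes(32)  # never returned by any RPC method

    def sign(user_id):
        mac = hmac.new(key, user_id.encode(), hashlib.sha256).hexdigest()
        return f"{user_id}.{mac}"

    def login(user_id, password):
        # Constructed test credential; a real service would query a user store.
        ok = hmac.compare_digest(password.encode(), b"correct-horse")
        return sign(user_id) if ok else ""

    def verify(token):
        user_id, _, mac = token.rpartition(".")
        expected = sign(user_id).rpartition(".")[2]
        ok = bool(user_id) and hmac.compare_digest(mac.encode(), expected.encode())
        return {"valid": ok, "user_id": user_id if ok else ""}

    server = SimpleXMLRPCServer(("127.0.0.1", 0), logRequests=False)
    server.register_function(login)   # only these two names are callable remotely
    server.register_function(verify)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def feature_module(passport_url, token):
    """Module developer's code: sees only the RPC interface, never the key."""
    result = ServerProxy(passport_url).verify(token)
    return f"hello {result['user_id']}" if result["valid"] else "login required"


def demo():
    server = start_passport_service()
    url = "http://127.0.0.1:%d" % server.server_address[1]
    token = ServerProxy(url).login("alice", "correct-horse")
    forged = "alice." + "0" * 64  # constructed token with a wrong MAC
    out = (feature_module(url, token), feature_module(url, forged))
    server.shutdown()
    server.server_close()
    return out
```

For integration testing, the module developer points `feature_module` at a test deployment of the service and logs in with a test account; the key material stays on the service side in every environment.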

In our factory, general components are provided by the department responsible for components. What is provided to you is a compiled library, and you cannot access the code of the library.

If you find that there is a bug in the library or it is suspected that there is a bug and you cannot track it down, start a group and argue with the relevant departments.


Do big companies such as Baidu, Alibaba, and Tencent use Git? How do they manage source code?

https://www.zhihu.com/question/22438484

How do you think about restricting employees from accessing the Internet to prevent code leaks? How should company IT be managed and structured to prevent code leaks?
https://www.zhihu.com/question/19983270

Very useful for reference
