Home >Backend Development >PHP Tutorial >How to prevent programmers from accessing core code in large companies?
For a company like BAT, if I am a programmer who has just joined the job, and now the company wants me to make a special module, and after it is completed, it needs to be integrated and tested. This special module requires user login to use it, then the Passport module must be included. There must be some encryption algorithms, private keys and other information in the source code of this module. We young programmers cannot see the code inside. So how to test it specifically? How do they ensure the security of their core business code?
For a company like BAT, if I am a programmer who has just joined the job, and now the company wants me to make a special module, and after it is completed, it needs to be integrated and tested. This special module requires user login to use it, then the Passport module must be included. There must be some encryption algorithms, private keys and other information in the source code of this module. We young programmers cannot see the code inside. So how to test it specifically? How do they ensure the security of their core business code?
Large companies generally turn passport into a service. You can only see the interface, not the implementation~
Just give you a packaged dll and header file
The dll has removed the symbol table and you can’t see the source code
Where can you compile the dll with the header file (or the exported static file lib)? You can also see the source code
I don’t know why it was stepped down
Can’t programmers nowadays distinguish between compilation and external services such as RPC calls?
As far as I know in BAT, most of the core code of T/B is C, because the real-time performance is better, and the main force of A family is Java.
1) Games, graphics and image rendering, imagine a game that is stuck for 50ms during play, and how painful it is to lose frames frequently. Thing
2) Real-time call, imagine that in the process of navigation, the vehicle speed is 100 kilometers, and the server side GCs, and the data is delayed by 100ms before sending, how painful it is.
If you know C, you will know what I mean.
The same goes for the encryption algorithm. Remote calls and services are only used in non-quasi-real-time situations. Those that are sensitive to data must be compiled with header files and libraries
1. Slightly larger companies will have a complete set of standardized permission control management. There are corresponding regulations for your level, what code you can download, and what libraries you can connect to.
2. You will be asked to sign confidentiality agreements and the like, right? Fire prevention, theft prevention and commercial espionage, the agreement is only part of it, the real secrets are in the hands of the Enterprise Development Department (similar department).
3. Regarding the module you mentioned in development, if it is of C series, it is the same as what the innocent classmate above said. I will give you a dll or lib and you can compile it and play with it yourself. In the case of Java, these modules will be encapsulated into services, or built into Saas or Paas. You can adjust them yourself. Generally, medium and large companies will use this type of development platform.
In our factory, general components are provided by the department responsible for components. What is provided to you is a compiled library, and you cannot access the code of the library.
If you find that there is a bug in the library or it is suspected that there is a bug and you cannot track it down, start a group and argue with the relevant departments.
https://www.zhihu.com/question/22438484
How do you think about restricting employees from accessing the Internet to prevent code leaks? How should company IT be managed and structured to prevent code leaks?
https://www .zhihu.com/question/19983270
Very useful for reference