Open MichaelAGill opened 8 months ago
So let me give an example of how it could become an issue in its current state.
If a dev were to accidentally change a single character from
`if (env == "Testing")`
into `if (env != "Testing")`
or a dev were to simply mess up the scope of that if statement, then by the time this runs in a production environment, it could affect prod, because your env would be "production", giving you the prod connection strings.
I agree with you, however. It is very unlikely, especially since you are all now aware. So no code change is actually required. Just advised.
https://github.com/krasenHristov/RecipeHub/blob/044988987d5b9ff93af027177481e4607bae18ab/OpenSourceRecipe/Program.cs#L77
This statement causes concern. It only takes a simple human error before a dev accidentally destroys your production database.
You can, however, defend against this by essentially 'double checking' your environment variable.
You have your environment 'testing', 'development', 'production', etc. So you can make another environment variable like
ENABLE_DB_CLEANUP
Your code could look something like:
This way it will be much harder (still not impossible) for someone to inadvertently run the delete code with your Production connection string.
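A sketch of the double check described in this issue, added here as an illustration; it is not code from the issue or from RecipeHub. The class and method names are hypothetical, and treating the value "true" as the opt-in for `ENABLE_DB_CLEANUP` is an assumption.

```csharp
#nullable enable
using System;

// Added illustration; DbCleanupGuard and its members are hypothetical names.
public static class DbCleanupGuard
{
    // Cleanup needs two independent signals to agree: the environment name is
    // "Testing" AND ENABLE_DB_CLEANUP is "true" (assumed opt-in value).
    public static bool IsCleanupAllowed(string? env, string? enableDbCleanup)
    {
        bool isTesting = string.Equals(env, "Testing", StringComparison.Ordinal);
        bool optedIn = string.Equals(enableDbCleanup, "true", StringComparison.OrdinalIgnoreCase);
        return isTesting && optedIn;
    }

    // The same guard with the one-character slip from the issue (== became !=),
    // kept only to show what the second variable still blocks.
    public static bool IsCleanupAllowedWithTypo(string? env, string? enableDbCleanup)
    {
        bool notTesting = !string.Equals(env, "Testing", StringComparison.Ordinal);
        bool optedIn = string.Equals(enableDbCleanup, "true", StringComparison.OrdinalIgnoreCase);
        return notTesting && optedIn;
    }

    public static void Main()
    {
        // Constructed sample environments: (env name, ENABLE_DB_CLEANUP value).
        var cases = new (string? Env, string? Flag)[]
        {
            ("Testing", "true"),     // test run that opted in
            ("Testing", null),       // test run, flag unset
            ("Production", null),    // normal production deployment
            ("Production", "true"),  // flag wrongly set in prod as well
        };

        foreach (var (env, flag) in cases)
        {
            string shown = flag ?? "(unset)";
            Console.WriteLine(
                $"env={env,-10} flag={shown,-7} " +
                $"correct={IsCleanupAllowed(env, flag),-5} " +
                $"typo={IsCleanupAllowedWithTypo(env, flag)}");
        }
    }
}
```

With the `!=` slip, a production deployment that never sets the flag still skips the delete; only the last row, where the flag is also set in production, gets through, which is the "still not impossible" case.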