
wjd2030 | 6 years ago

Either a dev was playing around and oopsied or they got hacked.

z3t4|6 years ago

1 (number one) is popular in "injection" attacks as it is likely to go through and not throw an error. If you log in as admin to your web-based control panel and are greeted with an alert(1), you know you are fucked.

willis936|6 years ago

Almost certainly the former. Careful people need to be in charge and keep a tight leash on people who are careless until they are careful.

Also pre-emptive response to “something something about systems something cgpgrey”. At the end of the day we live in the real world with imperfections everywhere. Every system eventually boils down to trust in humans.

INTPenis|6 years ago

I've never been a dev in such a large environment, but devs shouldn't even be able to touch such a production environment imo.

They do their testing and then hand over to deployment. After that they're out of the picture until the next update needs to roll out.

They can't have direct access to API keys for live apps in production.

thecatspaw|6 years ago

And this is the reason why all my tests are reasonably sane strings which customers could see and not something like "fuck 1", "fuck 2", etc.

RL_Quine|6 years ago

On the other hand, I'd say that having them be that is more incentive to keep things safe.