When I started this blog, my intention was to regale the reader with pithy and insightful pronouncements on the state of software development.
Since I didn’t want to maintain multiple blogs, I thought I’d put the odd stray commentary about life or books or politics on here too.
Naturally, what happened was that I didn’t do as much of the software stuff, and a lot more of the commentary stuff. Software topics became the stray.. Astray to be honest.
So, for once in a long while I thought I should do a post on software.
It should be plain to my readers (the two of you out there) that the company I joined in late 2007, was bought out by the Bank of America. Nice, right?
For a bank, it is surprisingly flexible about things like open source (there’s an official FOSS group in the bank) , agile development (we have two standard and supported SDLCs — one is agile; guess the other) and personal involvement (we have an internal open source-style repository and user groups).
The one thing that irks is that we aren’t allowed to have mini test databases on our individual machines, whether laptop or desktop. Security is the thing, and not unwarranted. We don’t need some goof leaving a laptop in his car with a few hundred thousand customers’ data on it.
What we need is a way to sanitize the data so that it’s useful for testing, but useless for outsiders — or even larcenous insiders.
Gerard Meszaros’ book, xUnit Test Patterns lists using a centralized testing database as an anti-pattern. Agreed.
So, how to go forward?
The database can help if it is aware of the relationships between tables. A semi-sophisticated script can replace any identifiable information with bogus but readable chaff. The keys used can be replaced with matching but unuseful values.
These exist, right? I mean, why don’t we hear about them more?
Is this another open source project waiting to be started? I haven’t looked, but maybe I will tonight…