PHP: How do you safeguard application/server/database from your employees?

What do you guys do (system/framework wise) to safeguard things like

1. employees writing malicious code to destroy your server
2. employees reading all your database sensitive information
3. generally programmers that have 开发者_如何学编程access to your back-end and potential damages that they can do.

Is there any PHP scripts that guards against these, etc.?

---

1) employees writing malicious code to destroy your server

2) employees reading all your database sensitive information

Don't grant employees access to the server except for whatever front end application they are using. (Assuming "Employees" being people who use the company's software, not create them.)

3) generally programmers that have access to your back-end and potential damages that they can do.

That is near impossible to achieve. If you can't trust your programmers not to do damage to your back-end, you need new programmers. End of story.

You can do things like restrict access rights to parts of the code, enforce a strict access control list, have people work only on the code parts they are assigned to, and so on. But the basic rule in the vast majority of projects is: If a programmer wants to do damage, they can. Especially in PHP.

That may be different in huge projects like Windows, or the Linux Kernel, where any code checked into the central repository is monitored closely. But I don't think we are talking about those kinds of dimensions here.

Related questions with a lot of additional input (and suggestions for actual technical measures, if you want to employ those):

• How do you let people work on a project without exposing them to the whole code base?

• How do you protect code from leaking outside?

• Best way to let third-parties work on your site

• Managing offsite Developers