this post was submitted on 14 Jul 2026
934 points (99.0% liked)
Programmer Humor
32329 readers
659 users here now
Welcome to Programmer Humor!
This is a place where you can post jokes, memes, humor, etc. related to programming!
For sharing awful code theres also Programming Horror.
Rules
- Keep content in english
- No advertisements
- Posts must be related to programming or programmer topics
founded 3 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
...Isn't that what we're talking about though? Or did I misunderstand the OP?
Regardless, I'll just clarify anyway: Developers should not have a plaintext
.envthat can be used to drop (or risk in any other way) production data.A practice like that is only as strong as the "weakest" member of the team – "Weakest" could mean the person who is the least careful, or least experienced, or least secure work computer/practices, etc. Scale up to 1,000+ engineers and the chances of disaster (data loss, leaks, etc.) greatly increase. That's just the human factor. Add LLMs into the mix and it's almost guaranteed.
The post said they were neon database creds, so I would think those would live on the production system in .env
Rereading it, it seems that they probably set their local build to point at the prod database... Which is like halfway developing (with AI) in prod (which I think we'd agree is not ideal)
I do absolutely agree with what you're saying though, not everyone should have access to the prod system for sure... Especially not an AI on a loose leash
I'd split the difference and say we're both right