As a software developer, how often do you leave a backdoor in your code?

I never leave backdoors, but it is very common to add “features” that only a developer can use. For example, in a development environment, you might add a page that lets you log into any account to make testing easier. Oftentimes there may be a “default admin account” that gets created and sometimes people forget to disable that account. Another common one is pages that give you stack traces, configuration information (including database passwords and IP addresses), etc.

Fun fact: Spring Boot, one of the most common frameworks in enterprise software, has a package called “Actuator” that gives you a lot of what I just described such as error logs and configuration information through a REST endpoint. A lot of people use Spring Boot Actuator in production and accidentally leave some of these endpoints enabled and exposed without even realizing it. Where I’m employed now, I occasionally teach classes on this particular framework and this is something I always cover. These kinds of frameworks give you a lot of “magic” that makes writing software fast and easy, but if you don’t understand what is in them, you might end up leaving the doors wide open… In production, however, these features are generally disabled… generally…
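An added example, not part of the answer above or of Spring Boot itself: a small Python audit that reads an `application.properties` file and reports the Actuator exposure the answer warns about. It assumes Spring Boot 2.x/3.x property names, the default `/actuator` base path, a default web exposure of `health`, and that `shutdown` stays off unless explicitly enabled; the sample files are constructed.

```python
# Endpoint ids that reveal configuration, memory or internals when reachable.
SENSITIVE = {"env", "configprops", "heapdump", "threaddump", "loggers",
             "beans", "mappings", "shutdown"}
EXPOSURE = "management.endpoints.web.exposure."

def parse_properties(text):
    """Parse simple key=value / key:value lines; '#' and '!' start comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        cut = min((i for i in (line.find("="), line.find(":")) if i >= 0), default=-1)
        if cut > 0:
            props[line[:cut].strip()] = line[cut + 1:].strip()
    return props

def ids(value):
    return {v.strip().lower() for v in value.split(",") if v.strip()}

def audit(text):
    """Return findings for web-exposed sensitive endpoints and verbose settings."""
    props = parse_properties(text)
    include = ids(props.get(EXPOSURE + "include", "health"))  # assumed default
    exclude = ids(props.get(EXPOSURE + "exclude", ""))
    findings = []
    if "*" in include:
        findings.append("wildcard: exposure.include=* publishes every enabled endpoint")
    candidates = SENSITIVE if "*" in include else include & SENSITIVE
    if "*" in exclude:  # exclude wins over include
        candidates = set()
    for ep in sorted(candidates - exclude):
        default = "false" if ep == "shutdown" else "true"  # assumed defaults
        if props.get(f"management.endpoint.{ep}.enabled", default).lower() == "true":
            findings.append(f"exposed: /actuator/{ep}")
    for key in ("management.endpoint.health.show-details",
                "management.endpoint.env.show-values"):
        if props.get(key, "").lower() == "always":
            findings.append(f"verbose: {key}=always")
    return findings

# Constructed sample configurations: a permissive one and a restricted one.
WEAK = ("management.endpoints.web.exposure.include=*\n"
        "management.endpoints.web.exposure.exclude=beans\n"
        "management.endpoint.health.show-details=always\n"
        "management.endpoint.loggers.enabled=false\n")
HARDENED = ("management.endpoints.web.exposure.include=health,info\n"
            "management.endpoint.health.show-details=never\n")

if __name__ == "__main__":
    print("\n".join(audit(WEAK)) or "no findings")
```

The check only reads configuration; endpoints can also be restricted by Spring Security rules or a separate management port, which this script does not evaluate.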

If you are intentionally leaving backdoors in your code then you are probably a criminal or intending to do something criminal. Or you are being paid to help someone else do something criminal (even if it is the government).

I am a professional programmer, a lead developer right now, and if I caught ANYONE doing that intentionally I would carry them out of the building myself, make sure they are fired on the spot, and have them investigated for computer crimes. I wouldn’t care if it was my boss (though he would never do anything like that). I would lead the charge to remove that person permanently from the company and possibly from the field.

Saying “leave a backdoor in your code” sounds like a piece of code knowingly left there. That is a really bad practice and, as everyone else told you already, should never be done.

However… we don’t live in a perfect world. We need to get things done. Sometimes, the hardware is hard to reach. Sometimes, you need to access it remotely. How do we deal with that?

This is why many devices (routers, etc.) have backdoors. Is it safe? Hell no. Is it practical? You bet!

So… how do we solve this? Well, with the help of SSH, every device could have a “guest admin” account whose password changes with every access and an automated script to log in. That way, everything is protected and access is limited. But then, how much does it cost? Does it make the product more costly?

The dollars have to stack up.

My answer is slightly different from the rest.

If you are selling commercial software to customers outside your company, then yes, you should absolutely never, ever have a back door. The obvious reason is that if an outsider figures out the back door, your carefully crafted security protocols are blown to bits.

However, if you are building an application/web page for internal customers only, then it can be appropriate to build a back door so you can support it. All of my apps have a way for me to access the different components regardless of whether I am an expected user.

I just don’t update data in any of my apps, so I only do it for maintenance and problem resolution.
