Hey guys!

I participated in Round Table #231 on the channel Coding Night, in a format that I consider extremely healthy for the technology area: an open conversation between development, database and infrastructure professionals, discussing real problems, technical decisions and the practical impacts of these choices on a day-to-day basis.

Unlike a live focused on a single technology, this edition aimed precisely to provoke dialogue between areas that, historically, often communicate little — or only when something has already gone wrong.

Stream link:

 

The role of each area in an increasingly integrated scenario

One of the points that became very clear throughout the conversation is that the rigid separation between Dev, DBA and Infra no longer reflects the reality of modern systems. Containers, cloud, pipelines and automation have made the boundaries between these areas increasingly blurred.

Today, decisions made in code directly impact security, cost, observability and performance. Likewise, choices made in infrastructure or database influence the pace of development and the product's ability to evolve.

The round table revolved largely around this interdependence and the need for greater technical maturity and communication between teams.

Security is no longer an isolated topic

A recurring theme throughout practically the entire live was safety. Not as an exclusive responsibility of one area, but as a transversal problem.

We talk a lot about how security flaws don't just arise from poorly written code, but also from:

  • Indiscriminate use of third-party libraries

  • Outdated dependencies

  • Unverified container images

  • Fragile configurations in pipelines

  • Inappropriate use of secrets and credentials

It was clear that security cannot be treated as a final stage of the project. It needs to be present from the choice of dependencies to the way applications and databases are accessed in production.

Supply chain dependency and risk management

One of the densest parts of the conversation revolved around dependency management and the risks associated with the software supply chain.

We discuss real cases of libraries that, although popular, began to present vulnerabilities over time, as well as incidents involving malicious packages in public repositories such as NPM, Docker Hub and others.

The central point was that:

  • Popularity does not guarantee security

  • Code that cannot be audited must be treated with caution

  • Dependencies need to be monitored continuously, not just at the time of adoption

We also discuss tools and approaches for dependency analysis, both open source and commercial, and the importance of integrating these checks into the CI/CD flow.

Containers do not eliminate liability

Another important point was the false sense of security that often arises with the use of containers. The fact that an application runs on Docker or Kubernetes does not eliminate security problems, it just changes the attack surface.

We talk about:

  • Using reliable base images

  • Preference for official or verified images

  • Risks of generic images or images maintained by unknown third parties

  • Need to understand what is running inside the container

Containers facilitate standardization and automation, but they do not replace technical understanding.

AI, LLMs and new vulnerability vectors

The discussion advanced to one of the most current topics in the area: the use of LLMs, autonomous agents and integration of AI into corporate systems.

A point that was greatly emphasized was that prompt injection and attacks involving LLMs represent a significant evolution of classic injection problems, such as SQL Injection. Unlike traditional attacks, this new scenario greatly expands the attack surface and makes it difficult to create completely effective defense mechanisms.

We also discuss how to:

  • AI agents can perform actions on databases and services

  • Validation failures can lead to improper access

  • The creativity of those trying to exploit gaps grows faster than defenses

It became clear that the use of AI requires even more care with observability, permissions control and context validation.

Observability as an essential element

OpenTelemetry came up several times in the conversation, mainly in the context of observability in modern applications.

We talk about practical implementation difficulties, libraries still evolving, and the difference between having observability tools in place and actually using them effectively.

Observability was treated as an essential pillar for:

  • Understand distributed application behavior

  • Monitor interactions with AI services

  • Detect faults and anomalies

  • Support data-driven technical decisions

Without observability, most of the problems discussed throughout the live become invisible until they have a direct impact on production.

Secrets and credentials management

Another recurring theme was secret management. We discuss everything from simpler practices, such as environment variables, to more robust solutions such as dedicated secret management services in the cloud.

The bottom line was that encryption doesn't eliminate the problem, it just displaces it. There is always the question of where and how to store keys, tokens and credentials securely.

We also cover:

  • Risks of hardcoded secrets

  • Limitations of examples found in documentation

  • Difference between apparent security and real security

Historical conflicts between Dev, DBA and Infra

At various times, the conversation returned to classic conflicts between areas, such as modeling decisions, use of primary keys, identifier generation strategies and the impact of old choices on legacy systems.

These points emerged not as isolated criticisms, but as examples of how seemingly simple technical decisions can generate significant problems years later.

The round table served precisely to show that these conflicts should not be avoided, but discussed in a technical and collaborative way.

Final considerations

Round Table #231 was an excellent example of how technical discussions gain depth when different areas actively participate in the debate.

More than defending specific tools or approaches, the live reinforced the importance of:

  • Understand context

  • Assess risks

  • Communicate decisions

  • Think about long-term impact

In a scenario where data, containers, DevOps and AI are increasingly integrated, the dialogue between Devs, DBAs and Infra stops being optional and becomes essential.