Staging app on gov portal publicly accessible
A staging platform in the ICT terminology is one where developers/sysadmins usually test an application. Staging is also called the pre-production environment, since application changes after successful trials are then pushed to the production environment.
The staging area is usually barred from public access as applications might have unresolved bugs and could allow undesired access to data. Some times access from the internet is allowed to a minimum set of IP addresses to allow testing from remote places or simulate user behaviors.
On 19 November 2015, the e-procurement service by the Public Procurement Office was launched. Prior to the official launch, on 4 October 2015, I made a comment on the Mauritius Internet Users mailing list regarding the web application. Today while searching for details regarding a tender by the Mauritius Police Force I stumbled upon the staging platform of the e-procurement application.
My browser prompted a security warning because the SSL certificate provided did not match the domain name. The certificate used was that of the production environment.
I proceeded with viewing of the website. The NexProcure application that the production environment of e-procurement uses, also runs on on eprocstaging.publicprocurement.govmu.org.
I sent an email to the Manager of the Government Online Centre. A copy of the email is available at the Mauritius Internet users mailing list archive. There is a reason why I made this incident public. Discussions behind closed doors are not given due attention and they do not go on record.