Describe a time when a security constraint broke a production application. How did you resolve the issue without compromising the security posture?