osCommerce

security


maxjulius

Posted

I am thinking about paying someone to design my osCommerce store for me, but I am concerned about giving him the admin passwords. I want to know: if I gave him those passwords and then later changed them when he was done designing the site, can he access it from any kind of code he may put on the site? And what is a good measure to keep in mind if I do have someone make the site?

Posted

Why give them access at all if you're concerned? Dup your files, clean the database, forward them that. When they hand you the code back, update your site, db yourself. No muss, no fuss.

 

Hope that helps a bit,

Iggy

Everything's funny but nothing's a joke...

Posted

I was thinking about doing that, but I have no programming skills whatsoever and I don't know where to put those files once I get them from him.

Posted

There is always a risk when allowing anyone access to sensitive areas of your business. It does not matter if you hire employees or simply pay a company. It doesn't matter if they are coders, accountants or stock handlers.

 

Consider this scenario...

You pay me to customize your site.

I place a file called "sensitive_data.php" in your catalog folder.

 

Sensitive_data.php is a file that outputs all of the tables that contain customer information. I would be able to access the webpage from any internet cafe even if the admin folder is protected.

 

You may think that the fact that the coder would eventually get caught is deterrent enough. You may be willing to risk it... or you may not.

 

You need to determine what all of your risks are and determine the best course of action to mitigate the risk and at the same time minimize the impact to your business.

 

To make an extremely long story short... the only way you can ensure that there are no problems from within is to have a one man operation.

 

Just my 2 cents,

Robert

  • 3 weeks later...
Posted

I guess it just comes down to trust. Have a look at this thread I started and have a look at some of the posts on it. I am seriously considering opening up another forum that actually helps people solve their problems when they don't have the time, resources or technical skills to do some of the stuff within osCommerce.

It doesn't mean that these people are dumb; it just means that they have more important things to do than mess around with PHP and MySQL; they are busy running their businesses.

 

 

Have a look at this thread:

 

http://www.oscommerce.com/forums/index.php?sho...10entry423472

 

It fits into this discussion and may provide you with a software developer's point of view.

While I'm operating on OSCommerce, I don't have to worry about silly vitals or forgetting to turn off the ane..the.. no wait I remember aes....thetic, or right I've got it Anaesthetic

Posted

Probably a good idea would be to create an FTP account for the designer so that the master password is not given out. If there is a dispute, you would not run the risk of the designer hijacking your site (just delete the account and no more access). Also change your database password, and don't use the same passwords. As people have pointed out, trust is key, but a little paranoia never hurts.

Archived

This topic is now archived and is closed to further replies.
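
Two of the posts above suggest handing over a copy of the files and warn about an extra file such as sensitive_data.php turning up in the catalog folder. As an added example (not part of the thread and not osCommerce code), this Python script records a SHA-256 hash of every file before the hand-over and lists what was added, removed or modified when the work comes back; the directory layout and file contents are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path


def manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def compare(before, after):
    """Return the files added, removed and modified between two manifests."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    modified = sorted(f for f in before.keys() & after.keys()
                      if before[f] != after[f])
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Constructed sample: a tiny store tree before and after outside work."""
    with tempfile.TemporaryDirectory() as tmp:
        shop = Path(tmp) / "catalog"
        (shop / "includes").mkdir(parents=True)
        (shop / "index.php").write_text("<?php // storefront ?>")
        (shop / "includes" / "header.php").write_text("<?php // old header ?>")
        baseline = manifest(shop)  # taken before handing the files over

        # Constructed changes standing in for the returned work.
        (shop / "includes" / "header.php").write_text("<?php // new design ?>")
        (shop / "sensitive_data.php").write_text("<?php // unexpected file ?>")
        return compare(baseline, manifest(shop))


if __name__ == "__main__":
    for kind, files in demo().items():
        for name in files:
            print(f"{kind:9} {name}")
```

Every entry under added or modified is a file to read before it goes onto the live site. A file manifest does not cover changes made inside the database.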
