bigbob2 Posted April 14, 2011

I am getting some work done by a coder who is a stranger to me. I have a fault that he is trying to fix. Ultimately I will be told what the error in my code is, so that I can fix it myself (to prevent any unauthorized back doors etc), but I need to know what files are not safe to give to someone else for security reasons. I am running 2.2-MS2. I just don't want to give out anything that will contain passwords, sensitive data or information that could be used against our site.

Cheers
Kevin
dailce Posted April 14, 2011

I wouldn't give any .htaccess file or configure.php file, and if he's just fixing some "other page", then have a look at the code he gives back. The fact that you don't trust this coder off the bat says to me you might be hiring the wrong guy.
bigbob2 (Author) Posted April 14, 2011

I have just never worked with this guy before, to be fair, I don't trust anyone ;o) It is just that we have an established site which is operational, so I don't want to do anything stupid, but this repair is out of my level of ability. However I will know when he gives me the corrected code if it is "safe". I just wish I was better at PHP and I could fix it myself. Thanks for the help though.

Cheers
Kev
MrPhil Posted April 15, 2011

Before he starts, download a full copy of your site to a PC under one "before" directory, and after he finishes, download a full copy of your site under one "after" directory. Compare the two and see what files were added or deleted, and what ones were changed by him. Some things will be product images, etc. that you added, but anything touched or added that wasn't in the scope of work should be viewed as suspicious. Then you have to look at modified files line by line to see what changes he made, and have someone who understands PHP etc. vet the changes.

It would be a whole lot easier if you could trust this guy -- if you don't know your way around your own site's innards, you're going to have to rely on still another person to check up on the first one. Then, who watches the watchers?

Consider making a copy of the live site and have him work on the copy (he doesn't have any access to the live site). Run it for a while and do virus scans on it and compare it against the old production site to see what's different. If nothing odd happens after a while, cut over to the new version.

Or just hire someone from an established and reputable software house that you can trust from the start... someone with references, perhaps who is bonded and insured. Note that even the best-intentioned programmer can make mistakes, so having him work on a copy might be better for that reason alone.
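The before/after comparison described in the post above, as an added example that is not part of the original thread: it hashes both copies, lists added, deleted and changed files, and flags anything outside the agreed scope of work or touching the files named earlier in the thread. The function names, the `in_scope` parameter and the sample tree are hypothetical and constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# File names the thread singles out as sensitive; a change to one needs a close look.
SENSITIVE_NAMES = {".htaccess", "configure.php"}

def snapshot(root):
    """Map each file path (relative to root) to the SHA-256 of its contents."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def compare_trees(before, after, in_scope=()):
    """Compare two site copies; in_scope holds the paths the coder was asked to touch."""
    old, new = snapshot(before), snapshot(after)
    report = {
        "added": sorted(set(new) - set(old)),
        "deleted": sorted(set(old) - set(new)),
        "changed": sorted(f for f in set(old) & set(new) if old[f] != new[f]),
    }
    touched = report["added"] + report["deleted"] + report["changed"]
    # Anything touched outside the scope of work goes on the review list.
    report["out_of_scope"] = sorted(f for f in touched if f not in in_scope)
    report["sensitive"] = sorted(f for f in touched if Path(f).name in SENSITIVE_NAMES)
    return report

def demo():
    """Build two small constructed site copies and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        before, after = Path(tmp, "before"), Path(tmp, "after")
        files = {"checkout.php": "<?php // buggy", "configure.php": "<?php // settings",
                 "index.php": "<?php // home"}
        for root in (before, after):
            root.mkdir()
            for rel, text in files.items():
                (root / rel).write_text(text)
        # Constructed changes: one requested fix plus three things nobody asked for.
        (after / "checkout.php").write_text("<?php // fixed")
        (after / "configure.php").write_text("<?php // settings, edited")
        (after / "images").mkdir()
        (after / "images" / "thumb.php").write_text("<?php // unexpected")
        (after / "index.php").unlink()
        return compare_trees(before, after, in_scope={"checkout.php"})

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Files listed under `changed` still need the line-by-line review the post calls for; the report only narrows down where to look.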
Guest Posted April 15, 2011

Kevin,

This is very simple. If you can't trust him, don't hire him. Check references, portfolio and GOOGLE him to find out any information you can.

Chris
bigbob2 (Author) Posted April 17, 2011

> Before he starts, download a full copy of your site to a PC under one "before" directory, and after he finishes, download a full copy of your site under one "after" directory. Compare the two and see what files were added or deleted, and what ones were changed by him. Some things will be product images, etc. that you added, but anything touched or added that wasn't in the scope of work should be viewed as suspicious. Then you have to look at modified files line by line to see what changes he made, and have someone who understands PHP etc. vet the changes.
>
> It would be a whole lot easier if you could trust this guy -- if you don't know your way around your own site's innards, you're going to have to rely on still another person to check up on the first one. Then, who watches the watchers?
>
> Consider making a copy of the live site and have him work on the copy (he doesn't have any access to the live site). Run it for a while and do virus scans on it and compare it against the old production site to see what's different. If nothing odd happens after a while, cut over to the new version.
>
> Or just hire someone from an established and reputable software house that you can trust from the start... someone with references, perhaps who is bonded and insured. Note that even the best-intentioned programmer can make mistakes, so having him work on a copy might be better for that reason alone.

Thank you for your advice, I appreciate your time. He is going to tell me what changes to make and I will make them, so I can see each line of code as it is put in. I have a limited PHP ability, but I can follow what most code is doing, so I should be safe, but I may run it past another coder just to be sure.

Thanks again
Kev
♥geoffreywalton Posted April 17, 2011

Sounds like him telling you what to do is going to meet your "security" needs. I would still back up your site to your local PC. Not because you don't trust your developer but as a backup in case anything happens to your site.

Cheers
G
Archived
This topic is now archived and is closed to further replies.