Magento

Hi,

I gave the development of my website to a magento developer.

Now that they have completed the development, they want access to Cpanel, FTP, and Admin Information.

Should I give it? If I do give, how do I secure access back. I know I can change FTP and Cpanel Passwords. How about the database?

Is there any other security concern I should be aware of?

After they install Magento and the theme on the website - what are the various security measures I should take?

Thanks for your support!

I would imagine they are going to need access to be able to get it all set up on your server so unless you can do that yourself then I don’t see that you have a great deal of choice but to give them access.

You can change all your passwords if you are worried including the DB password (you’ll have to also change it in the app/etc/local.xml).

How are you going to manage this if your developer needs access afterwards for any bug fixing/future development?

Hey,

the point is: as soon as someone gets access to your server he is able to place backdoors and take over the whole system.
The other point is: do you really think a company would do this and take the risiko that someone finds the backdoor and is able to proof that the company backdoored a server?

I would give them access, if it’s a company you trust in. If not, I even wouldn’t install any software from them.

Best,
thebod

thebod sums it up pretty much.  If you don’t trust a developer to have access to your systems then I can’t see how you can trust any of their code.  In the end I would imagine (and hope) that the developer you used is trustworthy and that you don’t have anything to worry about.  Check your contracts and make sure they are tight if you are really concerned.