Posting in the Magento forums has been disabled pending the implementation of a new and improved forum solution which should better serve the community.

For new questions please post at magento.stackexchange.com, the community-run support site for the Magento community. We will be providing updates on the new forum solution soon. For questions or concerns please email community@magento.com.

Magento Forum

How to set up a safe account/server access for an external developer? 
 
likeit
Jr. Member
 
Total Posts:  3
Joined:  2012-03-08
 

I would like to have a new, external developer from overseas working on my system (working on the way product images are displayed).
What is recommended to reduce the risk of criminal activities? Writing this, I am firstly thinking about my payment methods, PayPal login etc., but there are probably many additional risks.
What shall I do with the backend account, and what risk is involved if I give somebody access to the Magento server?

 
 
MagenX
Enthusiast
 
Total Posts:  791
Joined:  2008-05-26
Dublin
 

all you have to do is - configure a copy of your site in test sub-domain.
test database and test user only for this database.
without any payment information, or customer details, etc…
then configure chroot vsftpd and chroot/limited shell if needed.

that's it.
developer will work on test domain, and only in test folder.
when the job is completed, you can move new/edited files to your production folder, which only you have access to.

pretty simple.

cheers

 
 
Rich Cleverley
Sr. Member
 
Total Posts:  285
Joined:  2009-01-20
 

And of course make sure you check out the developer properly before engaging him/her to do any work!  Ask for references, sites that they have worked on (and that you can contact the owner for information on the developer).

Oh, and review any code they do for you to make sure there are no backdoors or vulnerabilities coded into it.
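
A pre-merge check that combines the advice in the two replies above (move only the new/edited files from the test folder to production, and review the code for backdoors), as an added example that is not part of the thread. The pattern list, the `allowed_prefixes` scope and the sample theme path are assumptions made for illustration; a hit only means the file needs to be read by hand.

```python
import re
import tempfile
from pathlib import Path

# Assumed heuristic list: a hit means "read this file by hand", not proof of a backdoor.
SUSPICIOUS = {
    "dynamic code execution": re.compile(r"\b(eval|assert|create_function)\s*\(", re.I),
    "shell command": re.compile(r"\b(system|exec|shell_exec|passthru|popen|proc_open)\s*\(", re.I),
    "encoded payload": re.compile(r"\b(base64_decode|gzinflate|str_rot13)\s*\(", re.I),
    "outbound request": re.compile(r"\b(curl_exec|fsockopen)\s*\(", re.I),
}

def changed_files(test_root, prod_root):
    """Relative paths that are new in the test copy or differ from production."""
    test_root, prod_root = Path(test_root), Path(prod_root)
    out = []
    for f in sorted(p for p in test_root.rglob("*") if p.is_file()):
        rel = f.relative_to(test_root)
        live = prod_root / rel
        if not live.is_file() or f.read_bytes() != live.read_bytes():
            out.append(rel.as_posix())
    return out

def review(test_root, prod_root, allowed_prefixes):
    """Return (path, reason) findings for changed files that need a manual look."""
    findings = []
    for rel in changed_files(test_root, prod_root):
        if not rel.startswith(tuple(allowed_prefixes)):
            findings.append((rel, "outside agreed scope"))
        if Path(rel).suffix.lower() in {".php", ".phtml"}:
            text = (Path(test_root) / rel).read_text(errors="replace")
            findings += [(rel, why) for why, rx in SUSPICIOUS.items() if rx.search(text)]
    return findings

def demo():
    """Constructed sample trees: one in-scope template edit, one stray PHP file."""
    tmp = Path(tempfile.mkdtemp())
    test, prod = tmp / "test", tmp / "prod"
    tpl = "app/design/frontend/default/mytheme/template/catalog/product/view/media.phtml"
    for root, body in ((prod, "<img src='a.jpg'>"), (test, "<img src='a.jpg' class='zoom'>")):
        (root / tpl).parent.mkdir(parents=True)
        (root / tpl).write_text(body)
    (test / "skin").mkdir()
    (test / "skin/cache.php").write_text("<?php eval(base64_decode('ZWNobyAxOw=='));")
    return review(test, prod, ["app/design/frontend/default/mytheme/"])

if __name__ == "__main__":
    for path, reason in demo():
        print(f"{path}: {reason}")
```

Run it with the test folder and the production folder before copying anything across; an empty result means every changed file is inside the agreed scope and matched none of the patterns, not that the change is safe.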

 
 
Magento Lab
Sr. Member
 
Total Posts:  77
Joined:  2010-11-09
Paris
 

Have you considered using a version control system such as SVN or Git? That way no changes are made directly to your server files and you have a clear view of who changed what.

 