Urgent advice please?


Nathali


Hi,

 

I didn't give FTP access (for security reasons) to the coder who should modify my site.

 

According to his request, he wants me to send him my website "catalog" folder and SQL database or SQL dump.

 

What should I do or erase from the files to prevent him from accessing important data, such as the database password and my user name and password for my credit card processor system?

 

Waiting to get your valuable advice, please. What should I do??

 

Thanks for your kind attention!

 

Best Regards,

Nathali


Link to comment
Share on other sites

Hi

 

phpMyAdmin has a facility to produce an SQL script of the database schema. This doesn't include sensitive data, only the file structures. The catalog folder should only contain PHP source code and again no sensitive data.

Link to comment
Share on other sites

WHOA... STOP... WAIT...

 

Hey Nathali,

 

There is important information you will send to your webmaster in your catalog folder!

Look in catalog\includes\configure.php at the bottom.

 

define('HTTP_SERVER', 'http://yourdomain.com'); // eg, http://localhost - should not be empty for productive servers
define('HTTPS_SERVER', 'https://yoursecurehostdomain'); // eg, https://localhost - should not be empty for productive servers
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN', 'yourdomain');
define('HTTPS_COOKIE_DOMAIN', 'yoursecurehostdomain');
define('HTTP_COOKIE_PATH', '/catalog/');
define('HTTPS_COOKIE_PATH', '/catalog/');
define('DIR_WS_HTTP_CATALOG', '/catalog/');
define('DIR_WS_HTTPS_CATALOG', '/catalog/');
define('DIR_WS_IMAGES', 'images/');
define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');
define('DIR_WS_INCLUDES', 'includes/');
define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
define('DIR_FS_CATALOG', dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/');
define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

// define our database connection
define('DB_SERVER', ''); // eg, localhost - should not be empty for productive servers
define('DB_SERVER_USERNAME', 'yourdatabaseusername');
define('DB_SERVER_PASSWORD', 'yourdatabasepassword');
define('DB_DATABASE', 'thenameofyourdatabase');
define('USE_PCONNECT', 'false'); // use persistent connections?
define('STORE_SESSIONS', ''); // leave empty '' for default handler or set to 'mysql'

 

You would have to edit the above red bold info, or else your database can be accessed.

 

Here's my thoughts...

If you don't trust your webmaster to have full access to your site and information, it's not a good working relationship.

I am surprised the webmaster is willing to work on your site without such information.

The webmaster doesn't need your admin folder?

I guess it depends on "what" the webmaster is working on, maybe just the theme (colors). If working on layout, adding contributions, fixing glitches or bugs, etc... then complete access and files would be needed.

Do make sure you can verify that the webmaster has worked on osC installs before, not just HTML and/or PHP.

You must find a webmaster that you feel comfortable with and willing to give access to your site and database.

Make sure everything is backed up and download a copy to your computer.

Once the work is done, you can always change the usernames and passwords to your site and database.

Read the fine print of the contract, make sure "you" are protected and not just the webmaster!

 

;)

- :: Jim :: -

- My Toolbox ~ Adobe Web Bundle, XAMPP & WinMerge | Install ~ osC v2.3.3.4 -

Link to comment
Share on other sites

If you do not trust your coder 100% do not use him.

 

I am surprised that any coder worth more than a dollar would even agree to work on your site without all the data needed.

 

 

Thanks a lot Mark and Burt for your advice!

 

Mark, for the SQL database I know that I can send XL schema or other format.. But what about the config file or others that include the database access password, and my payment module file that includes my credit processor account user name and password?? Thanks

 

 

Burt, this is your opinion and it's ok. But not every coder thinks like you! (thanks that it is like that)..

What do you say about this: I got some offers from other coders and it comes to 1000 USD.. this coder is an expert from the USA who charges me 70 USD, and the payment will be after I check the code to my full satisfaction!

 

Thank God that this is an open market ;-)

 

Thanks again for your advice!

 

All the best,

Nathali


Link to comment
Share on other sites

Hi Again

 

Sorry for the misleading information I gave earlier, i.e. non-sensitive information

 

e.g.

 

// define our database connection
define('DB_SERVER', ''); // eg, localhost - should not be empty for productive servers
define('DB_SERVER_USERNAME', 'yourdatabaseusername');
define('DB_SERVER_PASSWORD', 'yourdatabasepassword');
define('DB_DATABASE', 'thenameofyourdatabase');
define('USE_PCONNECT', 'false'); // use persistent connections?
define('STORE_SESSIONS', ''); // leave empty '' for default handler or set to 'mysql'

 

My mind was on holding back customer information stored on your database.

 

I do echo previous comments stating that you should be in a position to trust your developer.

 

Regards

Link to comment
Share on other sites


Thanks a lot Jim !!

 

Yes, I know that this is the config.php file that has important information.

I can erase the important data from there.. and also copy my database for him.. he can use my database fields when he installs it on his own osCommerce demo site (like we agreed before) without having my database user name and password. Right?

 

I think it could be the best solution.. any comments?

 

Thank you very much again!

 

All the best Jim,

 

Nathali


Link to comment
Share on other sites

You are welcome Nathali.

 

I am a little concerned regarding such a difference in fees, although I don't know what the coder will be doing. Personally I never use the services of anyone from the highest price or the lowest price. I prefer the middle price range as that is where you usually avoid problems.

 

You could make a copy of your database, remove the information from sensitive tables/fields and send that.

Also removing the sensitive info from your files before sending those would also work.

 

The webmaster/coder can insert their own info for running on the test site.

 

It sounds like a do-able solution.

 

Good luck!

- :: Jim :: -

- My Toolbox ~ Adobe Web Bundle, XAMPP & WinMerge | Install ~ osC v2.3.3.4 -

Link to comment
Share on other sites
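One way to do the file-side clean-up discussed above, as an added example that is not part of the original posts or of osCommerce itself: a small Python script that blanks the database connection constants shown in the quoted configure.php excerpt and then checks that none of the original values survive elsewhere in the file. The placeholder string, the function names and the sample values are constructed for illustration; it covers only the defines named in this thread, not credentials stored in the database.

```python
import re

# Constants from the configure.php excerpt quoted in this thread that hold
# credentials or connection details; extend the set for your own install.
SENSITIVE = {"DB_SERVER", "DB_SERVER_USERNAME", "DB_SERVER_PASSWORD", "DB_DATABASE"}
PLACEHOLDER = "CHANGE_ME"  # constructed marker the developer replaces locally

# Matches define('NAME', 'value') with single- or double-quoted string values,
# allowing backslash-escaped quotes inside the value.
DEFINE_RE = re.compile(
    r"""(define\(\s*(['"])(?P<name>\w+)\2\s*,\s*)"""
    r"""(?P<q>['"])(?P<val>(?:\\.|(?!(?P=q)).)*)(?P=q)"""
)

def redact_configure(text, sensitive=SENSITIVE):
    """Return (redacted_text, names_changed) for a configure.php source string."""
    changed = []

    def _sub(m):
        if m.group("name") not in sensitive:
            return m.group(0)  # leave paths, cookie settings etc. untouched
        changed.append(m.group("name"))
        return f"{m.group(1)}'{PLACEHOLDER}'"

    return DEFINE_RE.sub(_sub, text), changed

def leftover_secrets(redacted, secrets):
    """List original secret values that still appear anywhere in the text,
    e.g. a password repeated in a comment or in a second define."""
    return [s for s in secrets if s and s in redacted]

# Constructed sample in the shape of the excerpt quoted in the thread.
SAMPLE = """\
define('HTTP_SERVER', 'http://yourdomain.com');
define('DB_SERVER', 'localhost'); // eg, localhost
define('DB_SERVER_USERNAME', 'shop_user');
define('DB_SERVER_PASSWORD', 'p@ss\\'word');
define('DB_DATABASE', 'shop_db');
define('USE_PCONNECT', 'false'); // use persistent connections?
"""

if __name__ == "__main__":
    out, changed = redact_configure(SAMPLE)
    print(out)
    print("redacted:", changed)
    print("still present:", leftover_secrets(out, ["shop_user", "p@ss\\'word", "shop_db"]))
```

Run it on a copy of the file, never the live one, and still change the database password once the work is done, as suggested earlier in the thread.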

As I said - "cut price cowboys" will work on anything.

 

What do you say about this: I got some offers from other coders and it comes to 1000 USD.. this coder is an expert from the USA who charges me 70 USD, and the payment will be after I check the code to my full satisfaction!
He'll do it for 70 when the other quotes are 1000!?! He might be an expert, but he ain't got no common sense. Feel free to PM me his details as I can pass a load of work to him.
Link to comment
Share on other sites


 

Hi burt !

 

Thanks for your comment.. )

 

I have an offer for you.. feel free to PM me to hear it.. it might be worthwhile for both of us )

 

A little question if you or someone else could advise please..

 

According to what Jim posted, I will delete all the important passwords I have..

 

But, what about the ADMIN user name and password?

Where should I delete this info ??

 

I will be happy to get any advice please..

 

Thanks!

Nathali


Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.
