The Joomla! Forum ™



Forum rules


Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.



Post new topic Reply to topic  [ 13 posts ] 
Author Message
PostPosted: Wed Aug 24, 2011 6:53 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Tue Feb 22, 2011 8:11 pm
Posts: 47
Hello, I looked to see if I could find this question answered - didn't see anything. I want to hire a web developer who I don't personally know and will never see face to face, (elance). Isn't there some safe way for me to create access for him that protects me? I think I saw something about setting up a seperate FTP, but don't know how or what exactly this means. Better yet, (as i'm more the visual type) can anyone point me to a good [youtube] tutorial on this subject?

Thanx so much! :)


Top
 Profile  
 
PostPosted: Wed Aug 24, 2011 9:01 pm 
Joomla! Explorer
Joomla! Explorer

Joined: Wed Jun 29, 2011 11:22 am
Posts: 311
extravert wrote:
.....I want to hire a web developer who I don't personally know and will never see face to face, (elance). Isn't there some safe way for me to create access for him that protects me?......


J1.7 has good ACL. What will the developer be doing? Access type will depend on the answer to this question.


Top
 Profile  
 
PostPosted: Thu Aug 25, 2011 3:14 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Tue Feb 22, 2011 8:11 pm
Posts: 47
Hey cmsj,
The developer will be doing anything I can't figure out on my own. He might custom design the template, he will get the 3rd party extensions I've already downloaded employed where I need them, that kind of thing. I will categorize, add articles and photos etc, (content), he'll make sure it all looks like the static images I produced in adobe illustrator mockups. So is it enough if I go into my 'user' in the control panel and set him up with limited access? And what level of access would that be?

CHeers


Top
 Profile  
 
PostPosted: Sun Aug 28, 2011 3:04 pm 
Joomla! Explorer
Joomla! Explorer

Joined: Wed Jun 29, 2011 11:22 am
Posts: 311
cmsj wrote:
The developer will be doing anything I can't figure out on my own.

It looks like your developer will need at the very least, the same access as you. Its really down to you, and it seems that your decision is based on trust.

Look at the following doc, it gives you info relating to each user group. You might like to make this developer a new user, based on the same assigned user group(s) as you, that way he/she has the same access, but you will be able to track your decisions and theirs.

http://docs.joomla.org/ACL_Tutorial_for_Joomla_1.6


Top
 Profile  
 
PostPosted: Sun Aug 28, 2011 3:28 pm 
User avatar
Joomla! Master
Joomla! Master

Joined: Fri Aug 12, 2005 7:19 am
Posts: 10475
Location: Leeds, UK
If you dont trust your developer with full access to the site then they are the wrong developer to hire.

_________________
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/


Top
 Profile  
 
PostPosted: Sun Aug 28, 2011 3:50 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Tue Feb 22, 2011 8:11 pm
Posts: 47
Thanks Brian,

I guess the question is, if they are logged into the joomla can they get access into the godaddy account itself?


Top
 Profile  
 
PostPosted: Sun Aug 28, 2011 10:46 pm 
Joomla! Explorer
Joomla! Explorer

Joined: Wed Jun 29, 2011 11:22 am
Posts: 311
They should not be able to access your Go Daddy account as this is a separate account, it has nothing to do with your Joomla account. As an example, to use the FTP facility you would need to have your GoDaddy username and password, and this is completely different from your website username and password.

But, as pointed out above, if there is an issue of trust, then you should also consider security factors unrelated to the access of your GoDaddy account.

See:
Security in Joomla! 1.7 / Joomla! 1.6


Top
 Profile  
 
PostPosted: Mon Aug 29, 2011 3:03 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Tue Feb 22, 2011 8:11 pm
Posts: 47
Thank you cmsj, I'll check it out.
:)


Top
 Profile  
 
PostPosted: Mon Oct 10, 2011 7:18 am 
User avatar
Joomla! Master
Joomla! Master
Online

Joined: Mon Aug 29, 2005 10:17 am
Posts: 13582
Location: Netherlands/ UK/ S'pore/Jakarta/ North America
As Brian mentioned: If you do not trust the developer do not hire them. Besides that it not limited to do with access Joomla only. Most of the time a developer (depending on the job) will need access to your cPanel or CTRL-panel since he needs to install/create/optimize databases, access files with ftp, test mailings and other scripts etc.... You will need to trust your developer or leave it. Once ready you might want to ask your host to run a scan on your account.

Leo 8)

_________________
-- Joomla Professional Support Services : http://gws-desk.com --
-- Good & Cheap Joomla Sites Ready To Roll : http://gws-deals.today --
-- Joomla Specialized Hosting Solutions : www.gws-host.com --
-- Member Joomla Bug Squad --


Top
 Profile  
 
PostPosted: Mon Oct 10, 2011 7:22 am 
User avatar
Joomla! Master
Joomla! Master
Online

Joined: Mon Aug 29, 2005 10:17 am
Posts: 13582
Location: Netherlands/ UK/ S'pore/Jakarta/ North America
cmsj wrote:
They should not be able to access your Go Daddy account as this is a separate account, it has nothing to do with your Joomla account. As an example, to use the FTP facility you would need to have your GoDaddy username and password, and this is completely different from your website username and password.
Sorry real live is different! I explained this above....When I as a developer have access to any hosting server account I have access to the files system, access to the database and have a new super user created in seconds to access the Joomla site.

Leo 8)

_________________
-- Joomla Professional Support Services : http://gws-desk.com --
-- Good & Cheap Joomla Sites Ready To Roll : http://gws-deals.today --
-- Joomla Specialized Hosting Solutions : www.gws-host.com --
-- Member Joomla Bug Squad --


Top
 Profile  
 
PostPosted: Thu Oct 13, 2011 2:28 pm 
Joomla! Explorer
Joomla! Explorer

Joined: Wed Jun 29, 2011 11:22 am
Posts: 311
extravert wrote:
I guess the question is, if they are logged into the joomla can they get access into the godaddy account itself?

Hi Leolam,

My response above was in response to the sole issue, raised by extravert. It was not in response to any wider issue relating to access.


Top
 Profile  
 
PostPosted: Thu Oct 13, 2011 2:44 pm 
User avatar
Joomla! Master
Joomla! Master
Online

Joined: Mon Aug 29, 2005 10:17 am
Posts: 13582
Location: Netherlands/ UK/ S'pore/Jakarta/ North America
The response covers all aspects of access in general.....(You claim that some parts should not be accessible....) Your assessment does not explains the consequences and therefor I explained that your assessment is incorrect/does not cover all issues related to what you state

Cheers

Leo 8)

_________________
-- Joomla Professional Support Services : http://gws-desk.com --
-- Good & Cheap Joomla Sites Ready To Roll : http://gws-deals.today --
-- Joomla Specialized Hosting Solutions : www.gws-host.com --
-- Member Joomla Bug Squad --


Top
 Profile  
 
PostPosted: Thu Oct 13, 2011 11:28 pm 
Joomla! Explorer
Joomla! Explorer

Joined: Wed Jun 29, 2011 11:22 am
Posts: 311
leolam wrote:
You claim that some parts should not be accessible

I did not claim that some parts should not be accessible. There is a world of difference between stating that something is incorrect, against expanding on an issue in order to elaborate. The above prognosis is therefore mired, due to something having been lost in translation, with respect to what I stated and what you perceived it to be.

For the record, Extrovert asked the following:
extravert wrote:
.....if they are logged into the joomla can they get access into the godaddy account itself?

The question specifically asks "if they are logged into the joomla can they get access into the godaddy account itself?" and my response related to that issue, it was not in response to any wider issue relating to access.

But the above is a minor point and I wish you the best.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 13 posts ] 



Who is online

Users browsing this forum: willkey, zonkd and 46 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
Powered by phpBB® Forum Software © phpBB Group