Setting up Access Safely for a Hired Devlpr to Build Website

[extravert]

Hello, I looked to see if I could find this question answered - didn't see anything. I want to hire a web developer who I don't personally know and will never see face to face, (elance). Isn't there some safe way for me to create access for him that protects me? I think I saw something about setting up a seperate FTP, but don't know how or what exactly this means. Better yet, (as i'm more the visual type) can anyone point me to a good [youtube] tutorial on this subject?

Thanx so much!

[cmsj]

.....I want to hire a web developer who I don't personally know and will never see face to face, (elance). Isn't there some safe way for me to create access for him that protects me?......

J1.7 has good ACL. What will the developer be doing? Access type will depend on the answer to this question.

[extravert]

Hey cmsj,
The developer will be doing anything I can't figure out on my own. He might custom design the template, he will get the 3rd party extensions I've already downloaded employed where I need them, that kind of thing. I will categorize, add articles and photos etc, (content), he'll make sure it all looks like the static images I produced in adobe illustrator mockups. So is it enough if I go into my 'user' in the control panel and set him up with limited access? And what level of access would that be?

CHeers

[cmsj]

The developer will be doing anything I can't figure out on my own.

It looks like your developer will need at the very least, the same access as you. Its really down to you, and it seems that your decision is based on trust.

Look at the following doc, it gives you info relating to each user group. You might like to make this developer a new user, based on the same assigned user group(s) as you, that way he/she has the same access, but you will be able to track your decisions and theirs.

http://docs.joomla.org/ACL_Tutorial_for_Joomla_1.6

[brian]

If you dont trust your developer with full access to the site then they are the wrong developer to hire.

[extravert]

Thanks Brian,

I guess the question is, if they are logged into the joomla can they get access into the godaddy account itself?

[cmsj]

They should not be able to access your Go Daddy account as this is a separate account, it has nothing to do with your Joomla account. As an example, to use the FTP facility you would need to have your GoDaddy username and password, and this is completely different from your website username and password.

But, as pointed out above, if there is an issue of trust, then you should also consider security factors unrelated to the access of your GoDaddy account.

See:
Security in Joomla! 1.7 / Joomla! 1.6

[extravert]

Thank you cmsj, I'll check it out.

[leolam]

As Brian mentioned: If you do not trust the developer do not hire them. Besides that it not limited to do with access Joomla only. Most of the time a developer (depending on the job) will need access to your cPanel or CTRL-panel since he needs to install/create/optimize databases, access files with ftp, test mailings and other scripts etc.... You will need to trust your developer or leave it. Once ready you might want to ask your host to run a scan on your account.

Leo

[leolam]

They should not be able to access your Go Daddy account as this is a separate account, it has nothing to do with your Joomla account. As an example, to use the FTP facility you would need to have your GoDaddy username and password, and this is completely different from your website username and password.

Sorry real live is different! I explained this above....When I as a developer have access to any hosting server account I have access to the files system, access to the database and have a new super user created in seconds to access the Joomla site.

Leo

[cmsj]

I guess the question is, if they are logged into the joomla can they get access into the godaddy account itself?

Hi Leolam,

My response above was in response to the sole issue, raised by extravert. It was not in response to any wider issue relating to access.

[leolam]

The response covers all aspects of access in general.....(You claim that some parts should not be accessible....) Your assessment does not explains the consequences and therefor I explained that your assessment is incorrect/does not cover all issues related to what you state

Cheers

Leo

[cmsj]

You claim that some parts should not be accessible

I did not claim that some parts should not be accessible. There is a world of difference between stating that something is incorrect, against expanding on an issue in order to elaborate. The above prognosis is therefore mired, due to something having been lost in translation, with respect to what I stated and what you perceived it to be.

For the record, Extrovert asked the following:

.....if they are logged into the joomla can they get access into the godaddy account itself?

The question specifically asks "if they are logged into the joomla can they get access into the godaddy account itself?" and my response related to that issue, it was not in response to any wider issue relating to access.

But the above is a minor point and I wish you the best.