|
#1
03-26-2007, 04:54 PM
|
||||
|
||||
Should I have done this?
Hi everyone.
I have hired a coder and he's been working on my site. Today he needed my password, IP address and server information that hostgator sent me when I signed up, so he could upload my site. I forwarded him all the information hostgator sent to me. Should I have done this? I'm not a techie and I don't know if I could have uploaded the files for my site myself, and he needs to test everything to make sure it works. I didn't see any other way to do it. My plan is to change my password after the site is up and working, and if I need his help again I can always give him the new password and change it again. Is it normal procedure to give your password and the other information I mentioned to a programmer so they can upload your site? Is there anything I should know or be aware of or change besides my password? Thanks! Kim 
|
|
#2
03-26-2007, 05:01 PM
|
||||
|
||||
|
Re: Should I have done this?
I would have given him his own FTP account to upload the files. This way he can't access your cpanel to screw around with all of your other settings, and you can easily disable the ftp account.
-Matt
__________________
Follow me on Twitter! http://twitter.com/mrw
|
|
#3
03-26-2007, 05:24 PM
|
|||
|
|||
|
Re: Should I have done this?
But, when his work is finish you can simply check-out if to see if there is not some backdoor or DB access and change the cpanel pwd.
If you have DB or some "Not flat" stuff, he need to acceed mysql, phpmyadmin, and maybe an E-mail for test the forms. I will not worry so much, a coder is not a hacker since he do not have to sweat as a coder.
|
|
#5
03-26-2007, 07:09 PM
|
||||
|
||||
|
Re: Should I have done this?
I normally get cpanel access (or whatever control panel the customer is using) on all of the jobs I do. I don't accept jobs with just FTP access, because it makes it just too hard. When available I also take shell/root access. Specifically for ecomm work, I almost always demand shell/root access.
The one access I do not ask for, don't want and will not take is access to payment systems, like Authorize.net, paypal accounts and things like that. There is NEVER a need to give that to a designer/coder. Anything they need, (like transaction keys/password combos) they can get from the client. Authorize.net's official stance is that account access should NOT be given to designers.
|
|
#6
03-26-2007, 08:10 PM
|
||||
|
||||
|
Re: Should I have done this?
I'll agree that I usually get cPanel access as well when I do a site, but this programmer is from rentacoder and it's your first time working with them. It just seems to me that an FTP account would be best unless there's a compelling reason to do otherwise (databases needed, etc..). Even with database, you can always have them use a mysql program instead.
To me, some random coder from rent-a-coder that you've never worked with before needs to earn the trust before full cPanel access is given.
__________________
Follow me on Twitter! http://twitter.com/mrw
|
|
#7
03-26-2007, 10:33 PM
|
|||
|
|||
|
Re: Should I have done this?
As long as you made a full backup of your site in cpanel before giving out the username and password, its not too great of a risk. Just make sure that you're billing password is different than your cpanel password, you can do that by emailing sales@hostgator.com and getting it changed if needed.
|
|
#8
03-27-2007, 08:46 AM
|
||||
|
||||
|
Re: Should I have done this?
Quote:
Quote:
|
|
#9
03-27-2007, 12:50 PM
|
||||
|
||||
|
Re: Should I have done this?
I'm pretty sure I can trust this guy. He's from India, which was intially a red flag to me having done business with people from that country before and being disappointed, but this guy seems to be the real deal. He ranks 103 on RAC out of over 171,000 coders. He's got excellent reviews and he has recieved the top coder award. I've been in contact with him almost every day via google talk.
The coder said he'll upload the site tomorrow for me to see. It isn't finished yet, but he wants me to be able to look at it anyway. I wasn't aware I could give the coder his own ftp account and I wouldn't know how to do that. I also wasn't aware that I have more than one password. I forwarded to the coder a copy of the email I received from hostgator when I signed up. I will have to look into the multiple password thing. I haven't given any other information than what was in that letter from hostgator. But, I just thought of something. I'm going to be using paypal for my shopping cart. My coder will have to add paypal to my site. I have a paypal business account which we'll need to use. How do I get around not giving him my password there? As for backing up my site, how do I do that? Right now there is no site to back up. Thanks for always looking out for me and being so helpful! Kim
|
|
#11
03-27-2007, 02:11 PM
|
||||
|
||||
|
Re: Should I have done this?
I guess I'm just a little more careful than other people here. They talk about trusting and backing up your site, changing passwords, etc...and I say, why bother? Unless he needs phpmyadmin access, what benefit do you get from giving him cPanel when he can have access to all the files he needs with FTP, without compromising anything else you have set up. You can make him an ftp account in cpanel-->ftp manager. In the directory box use "/" without quotes instead of what is auto filled in. Remember, the full user name will be username@yourdomain.com.
__________________
Follow me on Twitter! http://twitter.com/mrw
|
|
#12
03-27-2007, 03:41 PM
|
||||
|
||||
|
Re: Should I have done this?
Well, I changed my billing password. It turns out that it was the same as my cpanel password. A huge thanks for the tip on that one!
The coder is doing the site in php and mysql....so he will need access to these areas. I don't have any files on my site to back up. It's empty. Is there something I'm not aware of that I should back up? Thanks! Kim
|
|
#13
03-27-2007, 04:58 PM
|
|||
|
|||
|
Re: Should I have done this?
Quote:
|
|
#15
03-29-2007, 06:56 PM
|
||||
|
||||
|
Re: Should I have done this?
Thanks, you guys. My coder uploaded the site today. It isn't quite finished, but at least there is something to see. He said he'll have it completely finished in a couple of days. He has done a wonderful job for me and I couldn't be more pleased. He seems very honest, but I'm still glad I found out about changing my billing password.
Now I just have to figure out what to do about paypal. Won't he need my password in order to connect the site to paypal? Should I attempt to do this myself? Those of you who know me know how naive I am about the tech stuff. I know almost nothing, but Paypal has instructions on their site so if you think that's the way for me to go I'm willing to give it a try. Otherwise, how should I proceed to keep my password and account safe? Kim
|
|
#17
03-29-2007, 08:43 PM
|
||||
|
||||
|
Re: Should I have done this?
Quote:
|
|
#18
03-29-2007, 08:48 PM
|
||||
|
||||
|
Re: Should I have done this?
Chances are you don't need to password to code in what sends the data to Paypal (none of the zillions of shopping carts we tested last summer did) but getting data from Paypal is where you'd need it.
You probably look at your sales stuff at the Paypal site or use some kind of interface that you got from them...ie., is your programmer working on any post-sale accounting stuff for you? If not, the issue probably won't even come up.
|
|
#19
03-29-2007, 09:17 PM
|
|||
|
|||
|
Re: Should I have done this?
PayPal uses a ping-pong system to send information to the script you set as the IPN notification URL. Passwords are not nessary becsue your script dosn't get information from anywhere, paypal sends it to you
|
|
#21
03-29-2007, 10:17 PM
|
||||
|
||||
|
Re: Should I have done this?
BTW, for Authorize.net there is no need to provide the password either, just the username and transaction key.
Edit: if a script asks for the username and password, find a new script. Some do, some don't. The good ones don't. Don't use scripts that require the username and password combo, you are opening yourself up to a lot of fraud. I couldn't find one that used username/transaction key, so I wrote one myself, it isn't that hard.
|
|
#22
04-01-2007, 01:08 PM
|
||||
|
||||
|
Re: Should I have done this?
Ok, no giving out my password. That's a relief. Thanks!
Now, a question. I went to Paypal IPN to turn it on, and it asks for a valid URL for receiving payment notifications. Can someone tell me what this means? Do I give the URL for my products page for this? Thanks! Kim
|
|
#23
04-01-2007, 05:14 PM
|
||||
|
||||
|
Re: Should I have done this?
What is the exact wording of what they want? In otherwords, is it you or Paypal receiving the notification?
Usually, gateways need to receive the info from a shopping cart and they want to know the legitimate address from the shopping cart when the whole thing is added up and the customer is about to pay so the gateway can run the correct amount and credit the correct account. If this is what Paypal wants, your programmer can give you the correct URL (it may be dynamic, depending on whose cart it is and the payment processing method). Somewhere, perhaps in Paypal help, it will explain what it's looking for.
|
|
#24
04-01-2007, 08:35 PM
|
||||
|
||||
|
Re: Should I have done this?
It wants the full path of the file that will post to the IPN system, like
https://mydomain/shop/purchase_form.htm
|
 |
| Bookmarks |
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
|
|
All times are GMT -5. The time now is 05:15 AM.