Post by beeman » Wed Aug 20, 2014 2:44 pm

Hello, I'm in a bit of a situation. I have a problem installing an extension and the seller of the extension asked for Admin and FTP information. How do other owners go about giving login details to coders and how do you protect yourself?

Do you give them full access? Are there ways to limit access to protect your site and customers' information?

Any tips, advice, recommendations are greatly appreciated, thanks! :)

Newbie

Posts

Joined
Tue Nov 13, 2012 11:12 pm

Post by OSWorX » Wed Aug 20, 2014 4:07 pm

beeman wrote:Hello, I'm in a bit of a situation. I have a problem installing an extension and the seller of the extension asked for Admin and FTP information. How do other owners go about giving login details to coders and how do you protect yourself?

Do you give them full access? Are there ways to limit access to protect your site and customers' information?

Any tips, advice, recommendations are greatly appreciated, thanks! :)
Basically this is a matter of trust.
If someone asks me for such a support, my first reply is to give me those details, otherwise any work is not possible.

But what always should be done:

1. create a seperate admin login - optionally assign only those menu items this guy shall access
2. create a seperate FTP-user - optionally to the shop folder only (if you have also other folders/files on this web)

Both accounts should be deleted immidately after the work is done.

Custom Development | Individuelle Entwicklung | Support & Bugfixes

Image Image Image


User avatar
Guru Member

Posts

Joined
Mon Jan 11, 2010 10:52 pm
Location - Austria

Post by Dhaupin » Wed Aug 20, 2014 11:59 pm

In addition to the thoughts from osworx, make a full backup of entire filesystem of your server, the server itself, and all databases before letting anyone in.

After giving them an FTP account, you can monitor what they are doing by opening SSH and checking /var/log/messages. Example:

Code: Select all

[root@myserver]# grep theFTPusername /var/log/messages

https://creadev.org | support@creadev.org - Opencart Extensions, Integrations, & Development. Made in the USA.


User avatar
Active Member

Posts

Joined
Tue May 13, 2014 3:45 am
Location - PA

Post by OSWorX » Thu Aug 21, 2014 12:56 am

Thx @Dhaupin - forgot the backups.

Beside the standard backups every shopowner should make regulary - if not automated by the server / provider at least once every 3,4 days outside the shop folder.
A cronjob is done within 1 minute.

If the backup for that particular job was forgotten and something fails, the backup is restored in a few minutes.

And if you do not have SSH access, ask your provider to hand out the server logfile.

Custom Development | Individuelle Entwicklung | Support & Bugfixes

Image Image Image


User avatar
Guru Member

Posts

Joined
Mon Jan 11, 2010 10:52 pm
Location - Austria

Post by IP_CAM » Thu Aug 21, 2014 4:17 am

This Mod allows you to enable anyone to directly access your Shop Admin Section. If you have a MySql Editor as well as a file-editor installed already, one should be able to handle just about any problem.

If you want to quit remote support, just disable/remove the Access-Link and it's privileges again.

It's not for free, but it helps and keeps other from total access to your Server.

http://www.opencart.com/index.php?route ... on_id=8507

Ernie

openshop.li

I'm no longer active at the OC Forum. To reach me, contact: jti@jacob.ch
A Demoversion of my free OpenCart LIGHT v.1.5.6.5 Software Edition
can be seen in Action here: http://www.jti.li/shop/
---
940+ FREE OC Extension-Repositories - from OC v.1.5.x up,
on the world's largest OC-related Github Site: https://github.com/IP-CAM
---
Image


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by MarketInSG » Thu Aug 21, 2014 10:17 pm

a developer would definitely prefer direct FTP access, and not a web based interface. It slows down technical support when using those web based tools.


User avatar
Guru Member

Posts

Joined
Wed Nov 16, 2011 11:53 am
Location - Singapore

Post by OSWorX » Thu Aug 21, 2014 10:47 pm

MarketInSG wrote:a developer would definitely prefer direct FTP access, and not a web based interface. It slows down technical support when using those web based tools.
+1 !
But there are many out there who think they are a developer.
On the other hand of the time gets paid - the connection can be slow as it was 30 years ago.

Custom Development | Individuelle Entwicklung | Support & Bugfixes

Image Image Image


User avatar
Guru Member

Posts

Joined
Mon Jan 11, 2010 10:52 pm
Location - Austria

Post by Johnathan » Fri Aug 22, 2014 12:44 am

iSense has a free version of an extension like Ernie mentioned, which I haven't used but looks like it be useful:

http://www.opencartx.com/codemanager--- ... r-opencart

That being said, it's much easier if you trust the developer (and most are truthworthy) to just give them access and then revoke it afterwards.

Image
Image Image Image Image


User avatar
Global Moderator

Posts

Joined
Fri Dec 18, 2009 3:08 am


Post by IP_CAM » Fri Aug 22, 2014 2:12 am

Johnathan wrote:iSense has a free version of an extension...
I knew I had seen another one, found it on of of my Test Sites.
Works well, but sends not invitation Mails.

best regards,

Ernie
openshop.li

I'm no longer active at the OC Forum. To reach me, contact: jti@jacob.ch
A Demoversion of my free OpenCart LIGHT v.1.5.6.5 Software Edition
can be seen in Action here: http://www.jti.li/shop/
---
940+ FREE OC Extension-Repositories - from OC v.1.5.x up,
on the world's largest OC-related Github Site: https://github.com/IP-CAM
---
Image


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by justcurious » Sun Aug 24, 2014 2:04 am

In addition to the above, see what other extensions the developer is offering, and look at the feedback and ratings of those.

You will get an idea of their trustworthiness to help you decide how much access to give them

I do agree with Osworx and MarketInSG, though, it is much easier for a developer to help you if they can have FTP and admin access.

Google Product Feed - Get your products into Google Shopping. Includes a bulk update facility.
Backup Pro - Backup (on demand or scheduled), Restore and Clone your store.
Freestyle Box - Add multiple information boxes on multiple pages of your store. Includes optional "Code Mode".
View my other extensions


User avatar
Active Member

Posts

Joined
Sat Dec 24, 2011 4:36 pm
Location - UK

Post by MarketInSG » Tue Aug 26, 2014 2:41 pm

another way is to use teamviewer when the other party has a stringent company policy and does not allow external access. However, it's funny that if they have such stringent policy, they do not have the resources to fix any issues themselves.

So for whoever that happens to browse across this topic, if you can, please provide access for quicker resolution of your issues :)


User avatar
Guru Member

Posts

Joined
Wed Nov 16, 2011 11:53 am
Location - Singapore
Who is online

Users browsing this forum: No registered users and 18 guests