The site has been cloned on a subdomain, but now the site is broken after truncating certain tables in the database that contain sensitive data like orders and customers. I guess that's not the best way to do it.
So my question is, how do I deny the developer access to sensitive data?
> uksitebuilder wrote: ↑Sat May 27, 2017 3:19 pm
> Get the developer to sign an NDA if you feel strongly about your data
I see you already developed a habit to remove my replies, even pretty harmless ones. And I can't even PM you about this. Very mature.
And no, your suggestion to sign NDA is not a better reply, because if someone decided to steal your data, no NDA will stop him from this. NDA is just a stupid agreement, which can be easily ignored. Never ever it'll save a single bit of your data.
So I want to repeat my reply: developers DO NOT care about sensitive data. This means, nobody will steal your data or delete it. When you ask a developer to do some job, he just does this job. No data is lost or broken, nothing to worry about. But if you're THAT obsessed with contents of your site, learn some coding yourself. This is the best way to not disclose anything at all.
Professional OpenCart extensions, support and custom work.
Contact me via email or Skype by support@thekrotek.com
Of course an NDA is of use, and no it will not stop someone from stealing the data, but can then be acted upon legally, if in the unlikely event, data is stolen, reproduced or acted upon that is out of the bounds of the NDA.
If I see a post that I do not think is helpful or unwarranted, I will delete it.
> uksitebuilder wrote: ↑Sat May 27, 2017 3:41 pm
> I deleted your reply because it came across as condescending to the OP. We don’t need that sort of attitude on the forums.
It wasn't. I explained my idea pretty good: if you fear of data loss - learn to do things yourself. I don't see anything condescending in this advice. Moreover, I consider it THE ONLY valid response on such requests, because trust issues are pretty serious ones and can't be fixed with any kind of NDA.
> uksitebuilder wrote: ↑Sat May 27, 2017 3:41 pm
> If I see a post that I do not think is helpful or unwarranted, I will delete it.
Yeah, sure. Your colleague and a fellow citizen paulfeakins constantly leaves sarcastic replies (which I personally like, since they're fun) and I didn't see you rushing to delete them. Looks kinda personal to me.
Anyway, it's pointless to argue with you, since you won't ever admit, that sometimes you overreact. Yet you at least could enable PM, so people had an opportunity to contact you on the matter instead of arguing in the topic.
> uksitebuilder wrote: ↑Sat May 27, 2017 3:41 pm
> Of course an NDA is of use, and no it will not stop someone from stealing the data, but can then be acted upon legally, if in the unlikely event, data is stolen, reproduced or acted upon that is out of the bounds of the NDA.
No, it is not of use at all. You put too much into legal stuff, probably, because you live in the country, which assures its citizens in legitimacy and power of the law. In real life though these things mean much, much less. I happened to be born in the other part of the world, where you learn, that real life isn't all about the law and you shouldn't put all your stakes on legal stuff. Especially, in Internet, where you meet people from all over the world.
I can sign tons of NDA with you, disclose your data right away and you won't be able to do anything to me. Trust me, I can and you won't. But I'll, of course, never do it, because I'm an honest guy in general and never con people in any way. Yet it doesn't mean I don't know how to do this, because I lived most of my life in a country of cons.
So once again: signing NDA is the most useless thing you can do, if you don't want to grant access to your data to someone you don't trust. You either find someone you CAN trust or do everything yourself. There're no other options, especially, when your task is directly related to your sensitive data.
There is a problem with the question. If your site is having problems, the developer really needs to check the site in situ as a stripped down clone may not manifest the same problems anyway.
I think you need to find a developer you can trust.
That's it! Thank you, my friend.
Anyone strapped for cash might be tempted to copy customer data and sell it off.
I do not have the time to learn coding myself. There must be a way to protect sensitive data or have it removed from a cloned copy.
The way I mentioned of truncating certain tables worked in some other projects of mine using different ecommerce solutions, why not in OpenCart?
Why don't you want to hire a developer and work with him for a while on less sensitive tasks? Let him earn your trust.
To become tempted one should know, that your data may be sold for some cash. But, like I said above, in 99.99999% of cases developers don't care about your data and just do their job. YOU know, that your data is valuable, but for the stranger it takes time to learn it. It's not just "Oh, cool site! Let's steal data from it!".
All that hacker/thievery concept is a bit overrated. If you're not Amazon or Ali, nobody cares about your data.
What if the issue, you're having is caused by some of the truncated content? A simple part of text can be improperly converted and this can cause your whole site go down. So no, truncating is not the solution as well.
That's a good idea, but that would require quite some time and multiple tasks. The issue I'm having now needs urgent care, I can't modify orders / setting status after installing SSL.
> To become tempted one should know, that your data may be sold for some cash. But, like I said above, in 99.99999% of cases developers don't care about your data and just do their job. YOU know, that your data is valuable, but for the stranger it takes time to learn it. It's not just "Oh, cool site! Let's steal data from it!".
> All that hacker/thievery concept is a bit overrated. If you're not Amazon or Ali, nobody cares about your data.
I know, most developers are honest and hardworking, but there are the rotten apples.
7 years ago I had to deal with a sysadmin who stole the data of 100.000+ users, cloned and rebranded our community and then went on a crusade of spam. He made quite some money doing so but we have never been able to prosecute him. It created a lot of trouble for us. That's why I'm so careful, I never want to experience something like that again.
> What if the issue, you're having is caused by some of the truncated content? A simple part of text can be improperly converted and this can cause your whole site go down. So no, truncating is not the solution as well.
I've only truncated some tables on the cloned site database, the problem existed before truncation. It all started after installing SSL, looking at older threads there seems to be a problem with the API.
hey, I need a Doctor, but only one, sure not touching my Body, or even looking at me...


But if the Data, to handle, is so sensitive, that no-one can get near, I don't see, how anyone would be
able, to assist in the first place, regardless of, if it's a SHE or a HIM.

But better calm down, DEV's, it's not a warrior Zone here...

Ernie
My Github OC Site: https://github.com/IP-CAM
5'600 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.
That's a very rare case. Never met a female developer myself, which means they don't exist! :-)
Oh, come on! You of all people should know it is! Pew-pew!
> Xerobia wrote: ↑Sat May 27, 2017 7:25 pm
> 7 years ago I had to deal with a sysadmin who stole the data of 100.000+ users, cloned and rebranded our community and then went on a crusade of spam. He made quite some money doing so but we have never been able to prosecute him. It created a lot of trouble for us. That's why I'm so careful, I never want to experience something like that again.
So you went on your own crusade and now consider ALL developers being scumbags just because 7 years ago you had an unpleasant situation? We all were conned in that way or another, but it doesn't mean we should start wearing armor 24/7 to avoid being conned in the future. Moreover, the more you're trying to avoid it, the higher your chances to find even more experienced scumbag, who'll harm you much harder. This is what always happens, when people become too cautious.
Let's get practical. Imagine, you have an issue and you hire me to fix it. I'm a scumbag. Usually to fix any kind of issue developer asks for:
- OpenCart admin
- FTP access
- Database access
If you give me database access, I can dump all your data in 2 minutes.
If you give me FTP, I can dump all your data in 2 minutes plus another 2 minutes to write a simple PHP script.
If you give me access to OpenCart admin only. Well... I still can dump your data, but it'll take much more time. Yet I won't be able to fix your issue.
But that's not all! I can leave a backdoor - a function or a file, which I can execute from browser and dump all your data whenever I want. Easy as pie!
To sum this up, you can NOT solve your issue without providing access to your site. Period.
I praise developers who add to the community and help others for free. Without all the free info my business would not be where it is now.
But I really have to conclude that you guys (and ladies) are not business owners, otherwise you'd better understand where I'm coming from.
You have made me aware though that I need someone that I can really trust for situations like these. It will take some time but I'm going to work on it.
P.S. I think I found the problem. In the source file of the admin -> orders page there's several calls to httpss://, note the misspelling.
There are many others with the same problem in 2.2.0.0
I am and I understand you perfectly. I simply don't have trust issues and know some coding. I trust people by default, and they have to earn my DIStrust.
I'm sorry to hear that you got screwed over once before, but these things happen. At least you learned something from it ("fool me once...") and are trying to proactively prevent it from happening again. At some point in almost any transaction such as this, you're counting on the (more or less) honesty of the other party. By all means take reasonable measures to protect yourself, but at some point you'll have to trust them to some extent.
This does bring up an interesting point for developers. If you want to hire someone to change just code, would it be useful to have a supported way to swap out all potentially sensitive data with some standardized dummy/sample data, let the developer do their thing, and then once you've recovered control of the site, swap your data back in? If the code changes involve any data reorganization, the developer would have to supply SQL scripts etc. to massage the data (and won't be there if something goes wrong). There's also nothing to prevent them from inserting a back door or doing other malicious things, so it might be easier just to trust them in the first place. At least, you should know how to back up the whole site before turning it over to a developer, just in case something nasty is done and you need to restore your site to where it was before.
> MrPhil wrote: ↑Sat May 27, 2017 8:59 pm
> The only way you're going to be able to deny a developer access to sensitive data, is to clone the site and replace all sensitive information with dummy data. Naturally, if they're to fix corrupted data (rather than just code), that won't work. If you're enough of an expert yourself to do that, you probably won't even need them! If you're concerned that they might steal data, select someone close enough that it would be practical to take them to court. Have them sign a written contract (on paper) before they get access, spelling out the security measures they must take (including the destruction of all data copies they may make in the course of their work) and reminding them that all data is your property. Don't get too heavy-handed, implying that you don't trust them right up front, but have enough of a paper trail that you can nail them in legal proceedings if necessary.
> I'm sorry to hear that you got screwed over once before, but these things happen. At least you learned something from it ("fool me once...") and are trying to proactively prevent it from happening again. At some point in almost any transaction such as this, you're counting on the (more or less) honesty of the other party. By all means take reasonable measures to protect yourself, but at some point you'll have to trust them to some extent.
Now, that's a mature and sensible reply, thank you.
I'll try to replace the cloned site/database with dummy entries and see if that works. I understand that only works for code, but that's all the developer needs access to.
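Added example, not part of any post in this thread: one way to replace customer and order data on a cloned database with dummy values instead of truncating the tables. It assumes MySQL, the default `oc_` table prefix and OpenCart 2.x column names, all of which should be checked against the actual schema.

```sql
-- Added example. Run against the CLONE's database only, never production.
-- Assumes the default `oc_` prefix and OpenCart 2.x column names; confirm
-- with SHOW COLUMNS first. Extension tables may hold personal data too.

-- Customers: customer_id is kept so orders and addresses still join.
UPDATE oc_customer SET
  firstname = 'Test',
  lastname  = CONCAT('Customer', customer_id),
  email     = CONCAT('customer', customer_id, '@example.invalid'),
  telephone = '0000000000',
  fax       = '',
  password  = '',   -- no valid hash, so these accounts cannot log in
  salt      = '',
  ip        = '0.0.0.0';

-- Address book entries.
UPDATE oc_address SET
  firstname = 'Test',
  lastname  = CONCAT('Customer', customer_id),
  company   = '',
  address_1 = CONCAT(address_id, ' Example Street'),
  address_2 = '',
  city      = 'Testville',
  postcode  = '00000';

-- Orders carry their own copy of name, contact and address data.
UPDATE oc_order SET
  firstname = 'Test',
  lastname  = CONCAT('Order', order_id),
  email     = CONCAT('order', order_id, '@example.invalid'),
  telephone = '0000000000',
  fax       = '',
  payment_firstname = 'Test',  payment_lastname = CONCAT('Order', order_id),
  payment_company   = '',      payment_address_1 = 'Example Street',
  payment_address_2 = '',      payment_city = 'Testville',
  payment_postcode  = '00000',
  shipping_firstname = 'Test', shipping_lastname = CONCAT('Order', order_id),
  shipping_company   = '',     shipping_address_1 = 'Example Street',
  shipping_address_2 = '',     shipping_city = 'Testville',
  shipping_postcode  = '00000',
  comment = '', ip = '0.0.0.0', forwarded_ip = '', user_agent = '';

-- Check: both counts should be 0 before the clone is handed over.
SELECT
  (SELECT COUNT(*) FROM oc_customer WHERE email NOT LIKE '%@example.invalid') AS customers_left,
  (SELECT COUNT(*) FROM oc_order    WHERE email NOT LIKE '%@example.invalid') AS orders_left;
```

Unlike truncating the tables, this keeps every row and ID in place. The clone should also get its own database user and admin password rather than reusing production's.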
Well, this place may be different from what you have seen before, but OC is all about money,
so, one cannot expect, to make many friends, to start with. For most Visitors, its more a TAKE
and GO anyway, and such behaviour kind of 'shapes' this Place, in a very 'unique' way.
So, it's not as easy, as it may look, on first view, one has to get used to it first. Still, one can find a lot
of knowledge, even for free, if one accepts the facts and habits. It's the only way, to get anywhere...

Good Luck !
Ernie
Not at all, just stating as it is but I can see how you might think that with me putting it in one long sentence.
I am a business owner and there are at least a dozen devs on here I would trust. I don't mean the rest are untrustworthy, but I would actually be more concerned about the method of implementation of a fix, so I look at the way they go about fixing problems.
For example, I have assisted several people who have had problems occur because they had core files edited directly and it's very difficult to trace or it's easily overridden with an upgrade. This is a more typical approach by a developer outside oc community as vqmod/ocmod are not well known outside it.
Anyway, glad you got it fixed.