Wow. First, is it normal that there is a list of smileys with all broken images at the top of the editor?
OK, this is an AITA post!
A developer who's module does not work has told me they need admin access to my store to fix it and they want FTP access. I do not use FTP or other plain-text protocols. I only use SSH. I upload files over the SSH connection either via command line or from my file manager (Linux/Gnome). The developer refuses to do anything to make their modules work unless I give them FTP access. No logs, no debugging, no advice, no explanations, just a repeated request to give him FTP access. I do not use FTP! I will not install FTP for the sole purpose of giving unapproved users access to my system!
They have access to download, upload, and install/deinstall their module from the admin interface. That should be more than enough! They say they need to modify other files, but refuse to tell me which files they want to modify! I have told them I will send them any file they want, I will even zip the entire directory and give them a database dump. No file will be changed without saving a "diff" first so I can see what is being changed and can revert those changes in an instant. They refuse and are telling me that I'm rude and unwilling to work with developers. As a system admin for decades, I find the idea of giving someone shell access to a production server to do development on is a massive breach in security. They could do all sorts of damage! This feels like a scam trying to install a root-kit rather than an actual developer trying to help.
Is this really acceptable these days? This is what I am getting from Opencart staff! How is Opencart staff so antagonistic and blatantly disrepectful of system security. I have security rules I need to follow to system security for the payment processor! I'm under the impression that if your module doesn't work as advertised, then I should get my money back and the module should be removed from the store.
Am I the asshole for not letting some total stranger be able to modify my store without supervision?
When you say "opencart staff", do you mean a 3rd party developer? Is it possible there's a language barrier that is complicating matters?
I'd imagine that the developer has gone through the process so many times that they have now found that the quickest and easiest way to fix people's problems is to just login via FTP and do it, and that quite a lot of people will just be happy to have their issue solved. I can understand why you would prefer for them to work your way with your system since security is so important, and no one likes to change their workflow to accommodate someone else.
It seems like you have a few options, learn how to fix it yourself, find a middle ground with the developer where you can oversee what they do and when they do it, or find another developer who will provide the support needed within your security requirements.
I'd imagine that the developer has gone through the process so many times that they have now found that the quickest and easiest way to fix people's problems is to just login via FTP and do it, and that quite a lot of people will just be happy to have their issue solved. I can understand why you would prefer for them to work your way with your system since security is so important, and no one likes to change their workflow to accommodate someone else.
It seems like you have a few options, learn how to fix it yourself, find a middle ground with the developer where you can oversee what they do and when they do it, or find another developer who will provide the support needed within your security requirements.
Not really
To be honest, if you do not give some unkown full access (and FTP is a kind of full access) to your server, than you are absolutely right.
And if those "developers" are not able to work with the files you are willing to share, or telling what they have modified, it's better you look for someone other - more serious - developer.
Full Stack Web Developer :: Dedicated OpenCart Development & Support DACH Region
Contact for Custom Work / Fast Support.
It's all modules off the opencart store. I paid for them. They don't work. I can't even get a refundRiguPhoto wrote: ↑Mon Feb 12, 2024 11:46 pmIt seems like you have a few options, learn how to fix it yourself, find a middle ground with the developer where you can oversee what they do and when they do it, or find another developer who will provide the support needed within your security requirements.
This is for a module off the opencart store. I actually have a bunch that don't work and the authors keep telling me they need FTP. It's the payment gateway from one author and then 2 or 3 from another. The first just ignores me and the second is literally calling me names in the Opencart support ticket I opened.OSWorX wrote: ↑Tue Feb 13, 2024 1:46 amTo be honest, if you do not give some unkown full access (and FTP is a kind of full access) to your server, than you are absolutely right.
And if those "developers" are not able to work with the files you are willing to share, or telling what they have modified, it's better you look for someone other - more serious - developer.
I have to have FTP access to make a module work as advertised? Isn't the point of the module that you don't need to modify other files?
I paid for it, it doesn't work, one of the modules is the payment gateway so I can't open my store why I wait for a developer. It's been a week with no help and I can't even get a debug log or anything. You click the pay button and nothing happens. No error message, nothing. Developer wants FTP access. This started with it 1) Not installing. 2) After getting it to install, it showed it was Paypal (not the gateway I bought) and the configuration screen threw an error 500 (not even the right name on the module!! ). 3) Finally was sent a new one by the author and it gave a slew of strftime warnings and the buy button didn't work. 4) He fixed the strftime issue and reuploaded the module, but said nothing to me about it, not even a head up. 5) Module still doesn't work, no logs or debug mode to tell me why, and zero things to check - I am ignored because I won't give him FTP access. No refund, no response.
Meanwhile I'm making interest payments on inventory I can't sell.
As it seems, you have several problems ..
It would be good, if you find a developer you can trust - best one with a website you can verify who he is and from where.
For the FTP (access) you have to understand the following.
Case A - access via FTP
The devs can access the whole shop and the files inside.
Sometimes required to check files and/or to see if the changes are working.
In rare cases some output (triggers) are added in some files to see what's going on.
Overall, this scenario will help to decrease the time the dev has to work for you - because all work is done within the given environement.
Case B - no FTP
You have to provide a full copy of the whole shop (all files and the whole database) together with the used environement.
This to give the dev the change to build a second shop under same conditions you have - IF that is possible!
This option is possible, but requires a lot more work for the dev - and will increase massively the time (and therefore the cost for you).
Say the work will cost with FTP around 200,- Euro, without FTP you can calculate a sum of around 600 - 800,- Euro (for the same).
So, it's up to you what you will do - and how much you want to pay.
Working with FTP is nowadays standard for us, but if your security concerns are that big, you have to pay - much more.
I don't know from where you are (in or outside the EC).
But if you hire a company or a developer from the EC, they are responsible for the work - and finally can be punished if they do not work as expected and if you are not satisfied (after the from both sides agreed work!) or the final result is not as it should be.
A (possible) third option could be that you copy the instance of the current shop to another folder of the server (or similiar with the same environement!) and restrict the FTP access to this new shop only.
Therefore the dev can work and you shop is not compromised.
It's now up to you ..
It would be good, if you find a developer you can trust - best one with a website you can verify who he is and from where.
For the FTP (access) you have to understand the following.
Case A - access via FTP
The devs can access the whole shop and the files inside.
Sometimes required to check files and/or to see if the changes are working.
In rare cases some output (triggers) are added in some files to see what's going on.
Overall, this scenario will help to decrease the time the dev has to work for you - because all work is done within the given environement.
Case B - no FTP
You have to provide a full copy of the whole shop (all files and the whole database) together with the used environement.
This to give the dev the change to build a second shop under same conditions you have - IF that is possible!
This option is possible, but requires a lot more work for the dev - and will increase massively the time (and therefore the cost for you).
Say the work will cost with FTP around 200,- Euro, without FTP you can calculate a sum of around 600 - 800,- Euro (for the same).
So, it's up to you what you will do - and how much you want to pay.
Working with FTP is nowadays standard for us, but if your security concerns are that big, you have to pay - much more.
I don't know from where you are (in or outside the EC).
But if you hire a company or a developer from the EC, they are responsible for the work - and finally can be punished if they do not work as expected and if you are not satisfied (after the from both sides agreed work!) or the final result is not as it should be.
A (possible) third option could be that you copy the instance of the current shop to another folder of the server (or similiar with the same environement!) and restrict the FTP access to this new shop only.
Therefore the dev can work and you shop is not compromised.
It's now up to you ..
Full Stack Web Developer :: Dedicated OpenCart Development & Support DACH Region
Contact for Custom Work / Fast Support.
That depends!
Some modules / extensions do not need to modify other files, while some need that (especially if they are build on Events - like for OC 3 or 4, or OCMod - like for OC 2).
But at the end you should know always what's going on and what the module / extnsion does.
If the developer of that module / extension is not willign to provide these details - while if you're experienced enough and look inside the files of the extension, you will see everything.
Full Stack Web Developer :: Dedicated OpenCart Development & Support DACH Region
Contact for Custom Work / Fast Support.
I think you are right not to give full access. Sounds like a really poor developer. Have you tried complain to OpenCart directly and asking for a refund?
https://www.opencart.com/index.php?rout ... rt/contact
The the strftime issue sounds like the extension was not compatible with your PHP version. There is sometimes the need to have more access, as hosting environments are different and there could be incompatibilities with other extensions.
If you really did need to get the extensions working, because you have no other alternative, then creating a very restrictive FTP account would be one option. If you have already given them admin access to install extensions then they already have as much access as an FTP account that was just restricted to the OpenCart directory.
https://www.opencart.com/index.php?rout ... rt/contact
The the strftime issue sounds like the extension was not compatible with your PHP version. There is sometimes the need to have more access, as hosting environments are different and there could be incompatibilities with other extensions.
If you really did need to get the extensions working, because you have no other alternative, then creating a very restrictive FTP account would be one option. If you have already given them admin access to install extensions then they already have as much access as an FTP account that was just restricted to the OpenCart directory.
Hi
I as a developer usually ask the customer to send admin and FTP access (or any other way to access the files).
When they do not want to give access for any reason, I provide support through AnyDesk.
Sometimes they send zip files from their site or template, which I install in my own localhost and fix the problem there.
I as a developer usually ask the customer to send admin and FTP access (or any other way to access the files).
When they do not want to give access for any reason, I provide support through AnyDesk.
Sometimes they send zip files from their site or template, which I install in my own localhost and fix the problem there.
As above sometimes it is necessary to have access, sometimes it is not, but a developer should always tell you what they have done.
You can ask your host about ftp upload and download log information.
In many ways this can make ftp one of the most secure options.
You can ask your host about ftp upload and download log information.
In many ways this can make ftp one of the most secure options.
DISCLAIMER:
You should not modify core files .. if you would like to donate a cup of coffee I will write it in a modification for you.
https://www.youtube.com/watch?v=zXIxDoCRc84
Who is online
Users browsing this forum: No registered users and 5 guests
