How to disallow a programmer from accessing Webmail?

I have hired a programmer to develop a small website (web catalog) for me. He have finished development and now he want cPanel user/pass to create database and upload website (replace old site).

Is there any way where I can give him cPanel password, but make sure that he is not able to view my business emails?

I trust him but still do not want to take chance, since he have a few more people working in his office (designers, developers etc.)

One option is that I do all database creating and uploading myself, but I do not want to be in the loop all the time during bug fixing etc.

Please advise.

 

Heya,

You raise a very valid point that many do not realize when providing access to developers on their servers. With cPanel however, the chace the webmail link in the email accounts section from actually logging in without a password is slim to none. I may be wrong, but I am fairly certain it is cookie based from the person who created the email address itself.

With that being said, if you changed your email password at any time, the automatic login will not work. Feel free to test this as well. Please keep in mind, they could very well just change the password but you would indeed know unwanted access was made.

In most cases, it is best to just provide the developer with an ftp account as well as database access to the individual database being worked on with their own database user and password to restrict unwanted access.

 

Thank you for replying.

He cannot access the webmail directly with cPanel password, he must have login/pass of specific email to access webmail. But with cPanel password he will have access to complete account, and "mail" folder on server can be accessible in which all mails are saved (in form of raw data); which someone can use to grab the data, customer information etc.

I am not sure if I could explain it well enough.

FTP access I already gave him, but he wants access to database as well. How can I give him access to indvidual database without giving him cPanel password?

Regards,

 

There's a location that allows you to setup "allowed" remote database management, under "Remote MySQL", then provide the programmer with the name/pass of the database in question so he can manage it remotely.

 

There are 2 things here which you can do.

1. Create an additional FTP account so that developer has access to website content & not to mail content. Example, cPanel user has access to all the data. Create a new FTP account and assign the privileges for /home/cPanel-user/public_html. Doing this he will get access to website content. Mail are outside the public_html.

2. To provide database access to developer, enable remote database access to his IP as mentioned by ironcladservers. He can connect the database remotely with mysql username and password. An application widely used it SQLYog.

Hope this helps