Hey everyone so this is my situation ; i paid a developer to write a custom php script for a website i want to start , and im planning on customizing it myself in terms of colors fonts images etc... as i have html , css , and a little php knowledge as i took the php course over at codeacademy but didnt benefit from it that much . My problem is that when i recieve the script and install it ,i dont want the guy who wrote it to have access to my site, and i dont want him to know what domain it is installed on or anything about it , like when you buy a house you change the locks to make sure the previous owner doesnt have access to it ? Please suggest : 1- a solution for this that doesnt involve hiring someone else . 2- a good , well put together source to learn PHP and mySQL 3- im a quick learner , how much time will it take me to get a grip of php and mysql in general knowing that i have html , css knowledge and some php knowledge . Thanks in advance for your time and sharing your knowledge Omar T.
Depending on what the script does, and how complex it is, it can be easy or difficult to discern whether or not there are "backdoors" providing access for someone. However, if you've hired a reputable developer, this is a no-no. You don't code something like that. Given your very basic knowledge, it might not be possible for you to figure out if there is a backdoor or not. As for learning PHP, php.net has all the documentation, and there are thousands of tutorials online. Usually, I'd suggest you set a goal, something you want to make/accomplish, and then research methods to reach that. How long it will take is hard to say - a couple months to a year, perhaps, depending on how proficient you want to become. A couple weeks to get a basic understanding.
Hi thanks for taking the time to help . I think he's reputable ive dealt with him before and he has a website selling scripts . What about him having the script " phone home " like many paid scripts have ? And it is a classified ads website script i dont know how complex is that ? Is it complex ?
You know, you can always assign temp passwords and revoke when he is done. In this business, a little faith and trust goes a long way.
Hello and thank you for taking the time to read and reply . Could you please elaborate what you mean by the first phrase ? Passwords to what exactly ? And by the second phrase do you mean i should just trust him and then if issues happen i should worry about it ?
Then perhaps you should re-read your post, mate. If "access" you mean ftp/database then change passwords. If you mean you want to hide where it is going, well that just sounds weird and shady.
Oh no i plan on doing the installation myself . But i thought that if he didnt know whatDomain it is installed on he cant make use of backdoors if he put any in the code . And btw do you know anything about having the script " phone home " ? Can that give him any control on the site ? And can it be stopped ?
No, but you sound really paranoid. If it has a backdoor, then it will automatically tell him where it is after install.
It's perfectly fine to be cautious....but odds are if you are paying for him to create something for you he is only accessing your server to install it :-P
Hello thank you for taking the time to reply and help out . I plan on installing it myself so he won't even access my server for that . Odds are he most probably didn't plan on gaining access without permission right ?
If he wants any repeat business, he won't be doing anything of the kind - it will be detrimental to his reputation, and might also breach contracts and set him up for legal repercussions. So no, I wouldn't really worry about it. Depending on which license he's using (if any), or whether or not he's creating the script from scratch custom for you, he might be allowed a "phone-home" setup, to see usage statistics etc. However, this might not be present at all, and can be stipulated in the contract that it's not allowed nor wanted. Again, not knowing the script at all, nor the coder, it's hard to say if there's any chance for foul play, but chances are that he's just wanting to get the job done, and not planning on taking over or mishandle your site. And, as others have stated, if he does plan to much about, not providing him with the website location / domain won't help - that's trivial information to "phone home" about.