Protecting parts of site from developers

Forum Moderators: coopster

Message Too Old, No Replies

Protecting parts of site from developers

optik

1:26 pm on Nov 23, 2009 (gmt 0)

I am going to get some help on a site from some PHP developers but want to make sure they can only access certain folders, I know through ftp I can limit were they can navigate but it's more what they can do via PHP even from a restricted folder.

The main things I need to protect are the folder structure of the server, the database schema and the contents of certain PHP files on the server. I know with the databases I can split up the database in to parts and protect the more sensitive information.

Any insight or experience on this would be good so I don't miss anything.

TheMadScientist

7:50 pm on Nov 23, 2009 (gmt 0)

Have you thought about moving everything they should have access to on to a test site so you don't ever have to worry about it?

If you have sensitive information it might be the best, most secure, easiest way. Then you know there is no way they can possibly get to or break anything you do not actually copy to the other site / server...

optik

3:53 pm on Nov 24, 2009 (gmt 0)

that would be happening anyway, but the development server will still have all the site files on it, my concern is a developer looking for security flaws or managing to hide a backdoor into a folder/file they weren't working on.

there is also a copying issue, I don't want a developer to simply be able to access all the site files and have a working copy of the site, there is a lot of custom logic that is of value.