[BlueOnyx:07398] Question about suPHP
Darrell D. Mobley
dmobley at uhostme.com
Fri May 27 14:30:17 -05 2011
Let's say you have a website with suPHP enabled and that client wants to
allow a vendor to install an add-on to an ecommerce engine he is running.
Said vendor requests access to FTP, phpMyAdmin and the ecommerce engine.
Last one is simple, create him an ecommerce admin login, but FTP and
phpMyAdmin access allow an unknown entity to access the client's site and my
server if he were given the site administrator login information.
Under the current scenario, I switched suPHP off, created a separate site
administrator account so I can see what he uploads via FTP, and if nothing
stinks, I can turn suPHP back on and it will reassign his files to the
primary site administrator.
Is there anything wrong with my reasoning or is there a better way to allow
a third party to have access to a client's site while leaving suPHP enabled?
More information about the Blueonyx
mailing list