Who to trust?

Hi everyone, I recently purchased this image slider http://www.cogzidel.com/addons/dolphin-auto-image-slider.

It's not working due to this error. I have dolphin 7.0.4 and there sales say it supports it.

So I have wrote to them and now they want my site's URL and my admin details to the site.

I was just wondering if this is a safe thing to do? and has anyone had dealings with these guy's?

What's the worst that can happen?  Sorry if it sounds noobish but I am.

I know next to nothing about internet security so Im thinking about just cutting my losses here and just not buying anything else from them.

Any advice appreciated.

Best wishes

Alan

It might help if you told us exactly what the problem was.

OK.. the screen shot helped

Open the file /modules/vendor/Module_name/install/config.php for editing and look for something like this:

(vendor will be the directory you uploaded the module to, and Module_name will be whatever they called it)

$aConfig = array(
/**
* Main Section.
*/
'title' => 'Blog',
'version' => '1.0.4',
'vendor' => 'Boonex',
'update_url' => '',
'compatible_with' => array(
'7.0.4'
),

/**

Note the text in red.  Make sure yours is 7.0.4, then save the file on your server.

Then it should install

WOW! that's a fast response! - Thanks Houston.

I uninstalled it all when I found out it wasn't working.

I've had a quick check - (I extracted to a folder on my pc) and it says 7.0.2.  I will change this to my version and check it out later as I have to do some more changes to the code before it will run.  It sounds like you have nailed the problem for me.

Once again many thanks HL

Unfortunately I haven't got time to try this as I have got to go out now, But I will update this thread hopefully with good news when I get back home.

Best wishes

Alan

HL probably hit this on the head.

at any rate to address your question. there will be times when you need to grant access to your site.

NEVER give out your login credentials

*BACKUP | BACKUP | BACKUP | BACKUP*

before you perform major work to your site, or grant others access to your site, backup your site.

1. create an ftp account for modder | developer (be sure to set the home directory to the correct home path)

2. remove that account immediately after the work was done

3. if you are on cPanel, and most are, to grant database access set the modders | developers IP in the Remote MySQL settings create a user for access to the database for that modder | developer

4. remove the access to your database immediately after the work has been completed.

*NEVER give out your login credentials*

i would say for the  most part these mod developers would be considered trustworthy, but i would still apply the rules from above, from a security perspective, not from distrust.

Regards,

DosDawg

I know your the server expert here, so perhaps you can explain something to me.

I have seen this advice of creating a separate FTP account for the developer on a number of occasions, yet i find it to not work most of the time.

Say you need to make a change to a dolphin core file. So you download it via FTP and then make your changes and the when you try to upload it, BAM. permission denied because of file ownership.

I usually just recommend the same logon ID always be used and change the password both before the work is started and after the work is done.

Fantastic! My image slider works really well - Super smooth! all I have to do now is fill it with eye candy goodness.

Thank you so much guy's for sorting the problem out - Only put the question out there about security really wasn't expecting to get the slider fixed.

If you can't tell Im really really chuffed thanks HL!

I have also learnt some important tips about internet security thanks a lot DOS and Deano

Best wishes to all

Alan

The reason for granting separate accounts for third-parties is:

a) to limit the areas the developer is able to access (e.g. just their module area) and/or

b) to cap the developer's quota (in megabytes).

Option 'b' is useful if, for example, the developer needs to modify only a little bit of coding and has an infected PC which starts to upload items to your server - then his limit is reached and you've prevented it all being uploaded. Or, again, for example, if you have limited bandwidth and he starts uploading huge files for some erroneous reason.

I've not come across an issue with permissions, but a workaround would be to copy the file with a modified filename to the same directory within the live FTP area itself, then work on the renamed file where it is. Or... edit using notepad/HTML coding software and then paste it back into the renamed file. It's always important to make a renamed copy/backup whatever you're modifying!

Oh i fully understand the reasons for it. I used to provide hosting myself back in the days before all these demanding multimedia sites required more bandwidth than i could provide.

It's the file ownership issue i have a problem with. I see it as a nightmare waiting to happen.

And your method to get around it does not really work for me. As it is left to the owner of the site to put these copies where they belong. I have two problems with that.

1) My schedule prevents me from providing people with exact time frames i can work on their site. So i get to it as i find time.

2) If someone asks me to install a mod, then i expect to be able to fully finish the job rather than count on the site owner to finish it and hope it gets done right. I mean there is a reason they asked for the install. And in most cases it's because they feel they can't.

Only reason i am asking dosdawg why he would suggest it is perhaps something that i am not aware of. Maybe cpanal or some server setup allows more than one FTP account to have access to the same files as if they are the same owner. Which is not the same FTP i grew up with.

I don't trust to no one on the world not ever my own shadow