1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

How to have freelance developers work on your server securely?

Discussion in 'Plesk for Linux - 8.x and Older' started by eggman2001, Apr 29, 2007.

  1. eggman2001

    eggman2001 Guest

    When I transfer files to my server, I always use SFTP so I'm minimizing the chances of someone else gaining ftp access to my server.

    However, occasionally I have freelance developers work on my server (usually using a subdomain exclusively for development - i.e. dev.domain.com). When I send the developer the ftp login credentials, I do it via e-mail. I don't send them SFTP login info because they they could gain shell access and I don't want that.

    Because I'm sending them the ftp login through e-mail, it's not secure. However, what would be the risks if this should fall into the wrong hands? Could someone upload a script that will attack my entire server? Or does plesk partition the directories in some way where they'd only be able to attack the folder that the malicious script gets placed in?

    If what I'm doing is not secure, does anyone have any suggestions?