I'm stumped. I'm not so sure what is the answer to your question. I'll do some poking around and get back to you if I bump into an decent answer. You should email the people at iPage as they probably could answer your iPage question..
I was thinking about doing that, but I have no programming skills what so ever and I don't know were to put those files once I get it from him...
There is always a risk when allowing anyone access to sensitive areas of your business. It does not matter if you hire employees or simply pay a company. It doesn't matter if they are coders, accountants or stock handlers..
Consider this scenario....
You pay me to customize your site..
I place a file called "sensitive_data.php" in your catalog folder..
Sensitive_data.php is a file that outputs all of the tables that contain customer information. I would be able to access the webpage from any internet cafe even if the admin folder is protected..
You may think that the fact that the coder would eventually get caught is a deterant enough. You may be willing to risk it... or you may not..
You need to determine what all of your risks are and determine the best course of action to mitigate the risk and at the same time minimize the impact to your business..
To make an extremely long story short... the only way you can ensure that there are no problems from within is to have a one man operation..
Just my 2 cents,.
I guess it just comes down to trust, have a look at this thread I started and have a look at some of the posts on it, I am seriously considering opening up another forum that actually helps people solve their problems when they dont have the time, resources or technical skills to do some of the stuff within oscommerce..
It doesn't mean that these people are dumb it just means that they have more important things to do that mess around with php and mysql, they are busy running their businesses..
Have a look at this thread:.
It fits into this discussion and may provide you with a software developers point of view...
Probably a good idea would be to create an FTP account for the designer so that the master password is not given out. If there is a dispute you would not run the risk of the designer hijacking your iPage site (just delete the account and no more access). Also change your database password and don't use the same passwords. As people have pointed out trust is key but a little paranoia never hurts...
I am thinking about paying someone to design my oscommerce store for me but I am concerned about giving him the admin passwords. I want to know if I gave him those passwords and then later changed them when he was done designing the iPage site can he access it from any kind of codes he may put on the iPage site and what is a good measure to keep in mind if I do have someone make the site...
Why give them access at all if you're concerned? Dup your files, clean the database, forward them that. When they hand you the code back update your site, db yourself. No muss, no fuss..
Hope that helps a bit,.