Hello,
I have a question regarding security when hiring a 3rd party to do work on my Drupal site. Is there a check list (or article) outlining:
a) What to do before, during, and after granting access to your website? Changing your FTP and Drupal-Admin password and changing permissions to any user accounts are obvious—yet Drupal is quite large and complex and there is a lot of turf to cover to ensure there is no questionable activity.
b) Tips, Resources, and/or Directories for finding and securing the services of a proven Drupal developer.
In the past I have done all of my Drupal work, but over the last 18 months I have been swamped and have been unable to keep up with my wife’s site. Lately we have had some MySQL issues on the server due to the site and have had some tables that have needed repair twice now. The website is on 4.7.x and needs to move to 5.x. The hurdle in the past was the major component of the site was on Flexinode; a module was developed to resolve this and move it to CCK as well as addressing the UserReview module (which wasn’t 5.x compatible at the time). All we are looking for really is for a developer who can upgrade all the components to 5.x correctly, migrate Flexinode to CCK, and make sure the MySQL database is running smoothly (at nearly 100MB and 2.5 years old and having undergone a MySQL 4.0 to 4.1 migration and the hurdles of Latin1 to UTF8 character encoding it may need a quick overview). Obviously I want to find someone who knows what they are doing and is reliable/responsible.
Anyhow, I need some work done soon but first need to know how to arrange such work.
Thanks in advance for any assistance others can offer.
Ps- I am aware there is a forum here for promoting a bid and a link stickied about hiring developers:
I didn't post to that forum (for fear of mod reprisal!!) because my question is 1st security oriented and second how to specifically identify a reliable developer.
Comments
Is there any reason you would
Is there any reason you would only upgrade to 5.x and not 6.x?
----------------------
Nick Santamaria - Freelance Drupal Developer and Consultant
UserReview
Unfortunately I have seen UserReview only work on 5.x. Flexinode and UserReview are the only big non-standard modules we used, but unfortunately a large chunk of the site's content is wrapped up in such. (Custom Recipe layout using Flexinode, user reviews with the review module). With over 400 recipes and thousands of reviews we don't wish to lose the content.
=-=
security = change whatever information you give away. i.e.: if you offer an FTP password ensure you change it after the contract is up with the developer.
a list of drupal service providers: http://drupal.org/drupal-servicesa
freelance developers = the paid services forum.
a good gauge can sometimes be found by looking at a user's tracker.
How much have they contributed? What kinds of contributions were they?
yes, and more
That's true, but I think you need to be concerned about more. If someone has ftp access they can get your whole database. So, it must be acceptable to share that with them as well. They can also create any user they want and grant that user any permission they want.
Really, if you are concerned about security then you can never give access (ftp, admin user, uid1, etc.) to anyone you don't trust.
--
I'm an Acquian | Drupal Dashboard | Learn more about Drupal - buy a Drupal Book
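The last comment's point that someone with access can create any user and grant any permission suggests one check for after the contract ends, shown here as an added example that is not part of the thread: compare account data exported before and after the engagement. The row shapes (rows taken from the `users`, `users_roles` and `permission` tables, with `perm` as a comma-separated string) and all sample values are assumptions constructed for illustration.

```python
# Added example: diff account data exported before and after an engagement.
# Row shapes are assumptions: users (uid, name, mail), users_roles (uid, rid),
# permission (rid, perm) with perm as a comma-separated string.

def parse_perms(permission_rows):
    """Map rid -> set of permission names."""
    return {rid: {p.strip() for p in perm.split(",") if p.strip()}
            for rid, perm in permission_rows}

def diff_snapshots(before, after):
    """Report accounts, role grants and permissions that appeared or changed."""
    old_users = {uid: (name, mail) for uid, name, mail in before["users"]}
    new_accounts, changed_accounts = [], []
    for uid, name, mail in after["users"]:
        if uid not in old_users:
            new_accounts.append((uid, name))
        elif old_users[uid] != (name, mail):
            # A changed e-mail address allows a later password reset.
            changed_accounts.append((uid, name))
    new_grants = sorted(set(after["users_roles"]) - set(before["users_roles"]))
    old_perms = parse_perms(before["permission"])
    added_perms = {}
    for rid, perms in parse_perms(after["permission"]).items():
        extra = perms - old_perms.get(rid, set())
        if extra:
            added_perms[rid] = sorted(extra)
    return {"new_accounts": sorted(new_accounts),
            "changed_accounts": sorted(changed_accounts),
            "new_role_grants": new_grants,
            "added_permissions": added_perms}

# Constructed sample snapshots (not data from the thread).
BEFORE = {
    "users": [(1, "admin", "owner@example.com"), (5, "reviewer", "r@example.com")],
    "users_roles": [(5, 3)],
    "permission": [(1, "access content"), (3, "access content, post comments")],
}
AFTER = {
    "users": [(1, "admin", "other@example.net"), (5, "reviewer", "r@example.com"),
              (9, "support", "s@example.net")],
    "users_roles": [(5, 3), (9, 4)],
    "permission": [(1, "access content, administer users"),
                   (3, "access content, post comments"),
                   (4, "administer nodes, administer users")],
}

if __name__ == "__main__":
    for kind, items in diff_snapshots(BEFORE, AFTER).items():
        print(kind, items)
```

This covers only the database side; files changed over FTP need a separate comparison against a known-good copy.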