protection from malicious programmers

[alanmorphew]

I am going to hire a programmer that I do not have any past personal experience with.

In case he is a malicious person trying to get credit card numbers and info, how do I protect my sensitive information? Can I give him access to the MySQL database? I was told my API username and password in my Paypal Module is not a risk. But I also have a payment gateway and a module that collects credit card data and forwards to the gateway. It was suggested that I remove that module before giving the programmer access to my PS site, and the set it back up after he is finished. Can I just pull it out of the modules folder before giving him a backup of the site?

What do I give him access to and what do I not give him access to? Any other precautions?

Thanks!

AM

[Dh42]

Is it someone that is reputable in this community?

 

Also a direct answer, don't just delete the module, uninstall it, that way it should erase the entries in the database. I always require access to everything but the payment processor, unless their is a problem with it or the person does not know how to set it up.

[alanmorphew]

I don't know if they are reputable in prestashop forum. I would assume they are. they have lots of good feedback on freelancer.com for mostly prestashop work. Is it safer to find programmers on this forum for any reason? I usually build html websites. This is my first prestashop project and I had too many problems so now I'm hiring outside help for first time, too. Please advise.

[Dh42]

Hmm, that is a tough question. I am sure their are reputable developers on freelancer.com, I am pretty sure some members of the forum here are members.

 

The reason I default to the forum is because you can really see how knowledgeable someone is before hiring them. You go through their post history, see if people have left bad comments about them or if they ask a lot of questions and seem like they do not know how to use Prestashop very well.

 

As for people here being reputable, the forum is more than likely the biggest repository of reputable PRestashop programmers on the internet. There are some people here that are less than reputable or misrepresent their knowledge, but that is everywhere. A lot of the developers here only work with Prestashop and nothing else.

[alanmorphew]

So if I uninstall the module it will remove sensitive payment information from the database. Then I can send programmer the new site files and a new copy of the database to work with.

Then, to get my client's working site back running correctly while the programmer is working on the new site, can I just take the module from an old site backup and put it in the module folder and also put an old backup of the database on my domain via cpanel? Is there a trick to this or just simply done as I just said?

And how do I hire people from this forum? Just ask for prices as I have a need? Are you available, you are a moderator so I would assume you are knowledgable in Prestashop.

Thank you.

[Dh42]

Think of a website like a house. Say you want me to build a house for you, but you want me to build it at my shop and then move it to your lot. What happens if say my shop was unlevel so I had to raise the back portion of the house up, but when I get to your lot it is perfectly level. The backend of your house is going to be higher and it will take more work to get it fixed. That is a good analogy for why you should let someone develop the site on the server it is going to be deployed on. There are hundreds of different server set ups and hundreds of different things can go wrong moving a site from one to another. If you don't give the developer access to the server and something comes up, you will more than likely have to fix it yourself. Also part of what I do before I send a site live is test several transactions. You never know what can be broken until you try to test everything.

 

The hiring of people here is pretty straight forward. There is a forum for modules and job offers. Just post what you need done and several developers will contact you.

 

What payment module are you using? In your case it might be easier to export everything, then open the sql dump and delete the values by hand. Since you know the api information, you can open it and do a search and replace for nothing.