Floris
14th November 2004, 08:34 PM
Ever need someone to install a skin on your forum? Do it secure, do not give more access then needed. The designer could download your vBulletin files, read out your license number and even delete everything.
These days the majority of web hosts give you a control panel or shell access so you can setup multiple users on your domain, in the form of 'FTP' accounts. Normally if you don't enter a path you end up with yourdomain.com/~newuser So instead of a username, point it to an existing directory, like public_html/forum/images/newstyle/ and this way if the designer logs in, he or she will only get access to the new directory newstyle/ and can upload any required files.
And for the forum access - add a new temporary administrator and setup the access masks to only have access to the forums where the designer should have access to, no need for that person to read your admin threads right? And then setup the admin permissions so the designer only has access to the style / template permissions. This way he or she can't close, open your forum, change settings or look up user details, download a .sql dump of your forum or do any harm.
Two important things you can do to secure yourself even further - if ever needed.
And once the designer is done, remove the ftp account and the temporary admin account so any possible access is removed. And for additional security, change your admin password on the forum. Just in case you are paranoid (or just care about security).
These days the majority of web hosts give you a control panel or shell access so you can setup multiple users on your domain, in the form of 'FTP' accounts. Normally if you don't enter a path you end up with yourdomain.com/~newuser So instead of a username, point it to an existing directory, like public_html/forum/images/newstyle/ and this way if the designer logs in, he or she will only get access to the new directory newstyle/ and can upload any required files.
And for the forum access - add a new temporary administrator and setup the access masks to only have access to the forums where the designer should have access to, no need for that person to read your admin threads right? And then setup the admin permissions so the designer only has access to the style / template permissions. This way he or she can't close, open your forum, change settings or look up user details, download a .sql dump of your forum or do any harm.
Two important things you can do to secure yourself even further - if ever needed.
And once the designer is done, remove the ftp account and the temporary admin account so any possible access is removed. And for additional security, change your admin password on the forum. Just in case you are paranoid (or just care about security).