1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Overcomy fear for my clients

Discussion in 'General Programming Chat' started by gene_nero, May 18, 2013.

  1. gene_nero

    gene_nero Newbie

    Joined:
    May 15, 2013
    Messages:
    39
    Likes Received:
    4
    Occupation:
    Thinking
    Location:
    Internet
    I am a noob at BHW but have been revolving in internet marketing circles for quiet some time now. I love web design and marketing, as well, see much potential and profit in near futures. My major concern is invasion of destructive manipulators who would want to hack your site or some how desire to make gains from inserting malicious code. Briefly, I use the services of foreign proffecionals who create many web components for my clients which have been proven to be effective and inexpencive to meet my clients budgets and demands. One of my team members left and I found a great source to replace him where a credible team of designers and programs do extraordinary jobs. I have trusting issues with cetrain promisses that people can make and have no acceptance of credibility until I have the final producte and time has passed ( and everything works). This is because when it sounds too good to be true it usually is. My final question to the people with knowledge of Magento, how can I protect my clients from malicious attacks made by (too good to be true) designs and programers? How can you really know that all images and all the programing is clean and original, without checking it and researching on my own, as well as, hiring a million people to do it for me? I would rather not have any business than to (even unwillingly) hurt any of my clients. I hope I can find confederates who understand my concern. I will accept any advice possible. Thank you in advance. "
     
  2. seocoder

    seocoder Newbie

    Joined:
    May 22, 2013
    Messages:
    12
    Likes Received:
    0
    Hello ,
    I'm going to share with you my 2 cents.
    #1 - Many CMS and ecommerse platforms use a pattern called MVC [Model View Controller], in which the code is split in a way that designers only modify the visible part of the site [the View] , programmers control the whole process with the Controllers, and perhaps a DBA modifies the way the data is retrieved from the database using the Model. If you hire someone to do styling changes, then in no way you allow them to edit your view or your controller. Of if the system you are using uses templates, you just let the designers edit the templates. Now, this is not a very perfect or infallible way for securing your system, because you still need to check the code you add to your Models, Views and Controllers.

    #2 - I you want to secure your system, you need to find a very good php developer. Not only one that haves good knowledge of PHP, JavaScript, CSS and MySQL , but he also need to have strong work ethics so you can trust him. If you don't trust your developer or designer, why are you working with them at first place? Also, if you expect to find a developer with all these traits, but you want to pay him peanuts, the only developers you'll get to work with you are the unexperienced or/and unethical. In web development, most of the time, you get what you pay for.

    I can assure you that there are very good and ethical programmers out there, you just need to find them.

    If you find a new developer, try giving him small projects that you need to get done, but that will help you built trust with him, and after you get good results, give him slightly large projects until you are fully confident that such person won't let you down.
    That, or you can hire two devs, one for coding, and another one for checking the security of the code that the other dev coded.
     
  3. subster

    subster Elite Member

    Joined:
    Apr 5, 2008
    Messages:
    1,864
    Likes Received:
    1,448
    Location:
    Krauthausen
    you could install sucuri to have the sites checked daily for encoded/malicous code on ftp level