Sometimes, while customizing or upgrading your website to introduce new features or prevent it from using a deprecated version of MySql/ PHP, online brand owners may need to contact an outside developer for help. If you are not comfortable enough with the CS-Cart code, you can always rely on the CS-Cart official developers. The common practice with developers as far as significant changes on the server-side are concerned is to ask the SSH access so that they could see the full picture, estimate the scope of work, and make the required changes on behalf of you. However, as your database becomes open to a third party, it may scare you. You may be worried about the purity of your developers’ intent accessing it: will they download the files you don’t want them to or do something with your database you won’t be able to restore. Let’s figure out when SSH is really needed and how you can guess your developer is trying to trick you.
Server access types
You might be surprised but apart from cPanel and FTP access types, there may be other types that are more helpful for developers in terms of the amount of work they can do for you. Sometimes, SFTP or SSH is the preferable one to help with your request. Speaking about Simtech Development, we ask FTP/SFTP (‘s’ stands for ‘secure’) access to your store’s files for evaluating, developing, or transferring a modification.
SSH/root SSH allows us to debug problems on the server, download database dumps, copy the store, configure and examine your server. Below is the table with the advantages, disadvantages, and considerations about each type of server access.
| SSH / root SSH | SFTP | FTP | cPanel |
| Advanced secure file transfer protocol with remote control capability | Secure file transfer protocol, therefore slower than FTP, but more secure | Simple file transfer protocol, no encryption or protection. | Hosting control panel. |
| Requires good experience from a specialist Secure Optimal for downloading/uploading a store, operating with the database, analyzing problems Root access allows us to configure/administer the server | Secure Suitable for simple tasks (installing an add-on, running single scripts) Doesn’t allow server configuration Not suitable for complex tasks such as problem analysis, storefront release | Suitable for simple tasks (installing an add-on, running single scripts) Unsecure and obsolete Doesn’t allow server configuration Not suitable for complex tasks such as problem analysis, storefront release | Secure Suitable for simple tasks (installing an add-on, running single scripts) Allows us to configure the server, but in limited mode Not very convenient for complex services such as problem analysis or store uploading |
How to securely share access
From our experience we know that FTP does not provide full access and is not that suitable for development as SSH. If we need to fix something quickly SSH is much better.
The access is temporal: if customers ask us, we always delete access after the update is released.
For brand owners entrusting their projects hosting to us, we guarantee the security of business data. It’s quite comfortable and secure to hire us for a full cycle of services to enter the market: license to start an online store or marketplace, infrastructure services like a hosting – to monitor all server-related issues, protect against hackers, and fix all kind of vulnerabilities, plugins – to expand the default functionality. Everything in one place with a quality guarantee and all legal docs available.
All data created by the Customer and/or stored by the Customer within the Company’s applications and on the Company’s servers are the Customer’s property and is for the Customer’s exclusive use unless access to such data is permitted by the Customer. The Company makes no claim of ownership of any web server content, email content, or any other type of data contained within the Customer’s server space and applications on the Company’s servers.
Excerpt from Legal Docs, Hosting SLA
According to our policy we are NOT allowed to make any changes without our client’s permission, so choosing Simtech Development, you don’t need to worry that we do something outside the agreement. We have worked in the industry for already 15 years and value our reputation.
To add access we usually ask to do the following:
1. Go to the website https://simtechdev.com/, and sign in;
2. Enter your login (your email is login, if you do not know the password, click on forgot password);
3. Go to HelpDesk account:
4. Go to Access information;
5. Add a record with access credentials.
Attention: please, do NOT submit the access credentials via the message due to security reasons.
The company will take all reasonable efforts to ensure the safety of the Customer’s data, located on the server. But the Company will not be liable for the data damage or loss if it occurred as the result of the Customer’s negligence. The Company holds the right to perform its own investigation to reveal the cause of the security breach, data damage, or data loss in case it will take place.
Excerpt from Legal Docs, Hosting SLA
How can you guarantee nondisclosure of my trade secret?
No worries. Your confidential information will be kept undisclosed. You can additionally ask for signing an NDA with us. We will send you a draft for approval: [email protected]
Closing
Someone with root access can do virtually anything, including covering any tracks they might leave. In fact, SSH is not always required as the table shows. If a third-party developer asks for root access where SFTP is more than enough, this is a sign of misbehavior. If you don’t have an existing reputable contact (preferably a legal entity in a jurisdiction you can go after and uphold your rights), you may be better setting up a new server, installing it yourself on the new server, contracting this entity to do any development work on the codebase to bring it up to modern PHP or making some database-related customizations/issue analysis. By doing so, you control what you provide them with. There are no technical solutions to every concern. The solution to securely giving SSH access is hiring a firm that has a reputation and signing an NDA with it.