I am working with a web design guy who I set up FTP access for but he now wants my user name and password to..

access my web hosting control panel so that he can implement the CMS he has set up ...does this make sense?
I am working with a web design guy who I set up FTP access for but he now wants my user name and password to..
Yeah he needs the user name and password to upload the file to your web server.





Alex
I am working with a web design guy who I set up FTP access for but he now wants my user name and password to..
how else can he upload the files?
Reply:Yea...the web design guy needs access to pretty much everything. Make sure you trust them.
Reply:that sounds hinky, don't give it to him, if he does something illegal under your user name and password they will get you not him!
Reply:Yes, he can upload the files though FTP, but he needs the control panel to create the database(probably MySQL database)
Reply:is the CMS for you or Himself ?





if it is for you then either he will need access to the control panel to set up the sql database


or


you will have to set one up and give him the database details
Reply:He is going to have to get access, but you can set up a different user for him. Or if you can't ask your host to do it for you. Have it set up so that the new user can't see your email and stuff, but can do the things he needs to do, like setting up the databases on your mysql server (or whatever).
Reply:It's not out of the question, there are other ways though, depending on what your ISP offers.





If you have a good ISP with shell access, you may be able to provide him with ssh access instead of ftp. (files can be transferred using sftp) But, this depends on how your ISP is set up. (I actually prefer working with SSH over ftp) this is dangerous and may or may not involve giving him access to your email. (depends on where/how your ISP does things)





The other thing you can do is have the web person design everything on his/her development box and ship you the files, where you install them yourself. This is some-what technical and you may have to pay extra for tech support, but if you don't want them to access your FTP settings, it may be a good idea.





Finally, there are "shell tools" that a person can use to access your account w/out your FTP password. This is kind of dangerous, but you could install it for him/her and then they could use that to upload stuff. (and change file permissions, etc..) depending on the nature of the project, this may take more time. (I've had to resort to this in some cases where I needed shell access on a host that doesn't provide it)





Keep in mind, this person probably doesn't want access to your account any more than you want them to have access. Logging in to someone elses account is really something a professional would prefer to avoid doing whenever possible.





In any event, one thing you absolutely MUST do is change your password BEFORE giving it to this person and then change it back when they're done.





The trick is to change it before giving it to them.





Also, don't send it through email - I've actually seen accounts get compromised by emailing passwords. This is was a serious problem for me, as it actually appeared as though I had compromised the system.





These days, I've opted a policy where I refuse to login to any account that has had its credentials emailed to me.





Change your password first and do NOT send passwords through email channels.