Does using remote desktop work, where they need to remotely access our PC in the office and work on the code? We can block Hotmail, Gmail, Yahoo Mail.
Please don't do this. When our company was accepting client work, people sometimes wanted limitations such as this. Don't be a client from hell: http://clientsfromhell.net/
It's so annoying, and usually that type of client got dropped.
I would suggest that in your retainer and contract you state that the work they are doing is your business's IP and include a non-compete. If you are working with a respectable firm, then chances are they don't really need your source code to make a competing product if they wanted.
I would also pick someone in your state, so if hell ever did break loose it's not a long drive to the courthouse.
First and foremost, you need to get your freelancer to sign a "Copyright Assignment Contract" before work starts. Since the freelancer is not an employee of your business, by default, all code they write will be owned by them. By getting them to sign such a contract before work starts, you can be sure that you own all copyright in the work that the freelancer has written for your project.
Secondly, unless you're coding some really innovative top-secret IP, don't worry too much about the freelancer having access to your code - they are creating it after all. I guess the bottom line is to find someone that you can trust. Always obtain reliable references for anyone you consider taking on, and do remember to have a contract in place that states that they are not allowed to use your code, unless it is in conjunction with the work they are doing for you.
RDP/VNC won't help, as the freelancer could still copy the code over, even by writing it down on paper!
Hope this helps
You set up a test server with the parts of the application you want them to work on. You may have to do some extra work to set it up, depending on the application.
If, let's say, the framework is open source but you want to develop something custom for your business, you set up just the stock framework and ask them to develop on it and send you the changed files, database, etc. The part you would never be able to fully control is their work on your app. They can deploy it elsewhere without you knowing, even if you have an NDA in place. There needs to be some trust and credibility more than anything else.
Use version control on his own branch where he can upload files and see changes, etc. Once he commits to his working branch, have a hook from your source control automatically add it to your testing server, where it's integrated with the rest of the script. Make sure your server also has phpinfo, directory listing, etc. disabled. Obviously you're not protected if he has access to add PHP code to your server, because I can write a script to scrape a server, send them over FTP, back up to another server, gzip everything in the dir and download it, etc.
With an NDA and a copyright contract you're protected from a legal standpoint. You'll have to give him access to the files he will need; that's unavoidable: main classes, variables, etc.
It'd be much better, if you're worried about that, to find a reputable coder, or, when developing large projects, to have a basic API or a modular system with hooks built in before you bring in outside developers.
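One way to enforce the "own branch" arrangement described in the post above, as an added example that is not from the thread: a server-side `update` hook that accepts pushes only to the contractor's branch and only for files under the module being worked on. It assumes Git, a contractor-facing repository with this script installed as `hooks/update`, and hypothetical branch and directory names.

```python
#!/usr/bin/env python3
"""Git server-side `update` hook: one contractor, one branch, one directory."""
import subprocess
import sys

# Hypothetical policy values chosen for this example.
CONTRACTOR_REF = "refs/heads/freelancer-work"
ALLOWED_DIRS = ("modules/reports/",)   # trailing slash stops "modules/reports-x/"
INTEGRATION_BRANCH = "main"            # assumed name of the branch you merge into


def is_zero(rev):
    """Git passes an all-zero id when a branch is being created or deleted."""
    return not rev.strip("0")


def check_push(ref, changed_paths):
    """Return the list of policy violations; an empty list means accept."""
    if ref != CONTRACTOR_REF:
        return [f"{ref}: only {CONTRACTOR_REF} may be updated in this repository"]
    return [f"{path}: outside {', '.join(ALLOWED_DIRS)}"
            for path in changed_paths
            if not path.startswith(ALLOWED_DIRS)]


def changed_files(old, new):
    """Every path touched between two commits, as reported by git."""
    if is_zero(old):                   # new branch: diff against the integration branch
        old = INTEGRATION_BRANCH
    # --no-renames lists both sides of a move, so a file moved out of the
    # rest of the tree is seen; -z avoids quoting of unusual file names.
    out = subprocess.run(
        ["git", "diff", "--name-only", "--no-renames", "-z", old, new],
        check=True, capture_output=True, text=True).stdout
    return [p for p in out.split("\0") if p]


def main(argv):
    ref, old, new = argv[1:4]          # arguments git passes to an update hook
    if is_zero(new):
        problems = [f"{ref}: branch deletion is not allowed"]
    else:
        problems = check_push(ref, changed_files(old, new))
    for line in problems:
        print("rejected:", line, file=sys.stderr)
    return 1 if problems else 0        # non-zero exit makes git refuse the ref update


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The hook limits what can be written to the repository; anyone who can clone it can still read everything it contains, so the repository itself should hold only the parts the contractor needs.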
The best way to handle this, from my experience, is if the software you're working on is compartmentalized. So a freelancer can work on his part of the code - a module or a class that can be tested on its own, without needing to be plugged into the greater framework. Then you get all those pieces together from the different freelancers and put them together. But for that to work, your software needs to be designed and encapsulated properly to begin with...
Give the developer some portion of the job, where the coding can then be added as an "INCLUDE" to the complete script (or just copied into it). I don't think RDP is needed; let them work on it remotely and allow you to view it. Then you can exchange the coding once you think it's close to completion.