Results 1 to 6 of 6
  1. #1
    Join Date
    Jul 2009
    Posts
    58

    Question FTP-only access - still a security risk?

    Hi

    I am new to cPanel and I hope someone can help to advise

    I presently have a cPanel hosting account with several subdomains
    i.e.
    mydomain.com
    sub1.mydomain.com
    sub2.mydomain.com

    I would like to give an acquaintance FTP-only access to the files in sub2.mydomain.com
    I can accomplish this by creating an FTP account limited only to the directory for that subdomain.

    Now my question is: Since the files in that subdirectory are still owned by the user:group of myself:myself, would malicious scripts inadvertently uploaded by the acquaintance result in the compromise of all my other sites?

    If so, what is a better arrangement to enable the acquaintance to edit files in sub2.mydomain.com ?

    Thank you!

  2. #2
    Well it seems for some reason you suspect this so called acquaintance will be doing some type of damage and is not trustworthy. I'm not sure what type of files he is editing, however you can always email the files.
    EGC Solutions
    Extreme Personal & Business Hosting
    99.9% Uptime 30 Day Money Back Guarantee
    Cpanel Fantastico & Much More!

  3. #3
    Join Date
    Feb 2005
    Location
    Australia
    Posts
    5,842
    Quote Originally Posted by syaman View Post
    Now my question is: Since the files in that subdirectory are still owned by the user:group of myself:myself, would malicious scripts inadvertently uploaded by the acquaintance result in the compromise of all my other sites?
    Yes.
    If so, what is a better arrangement to enable the acquaintance to edit files in sub2.mydomain.com ?
    If you don't trust him, you think he's going to upload malicious scripts, why in the world would you want to give him any access?

    But if you must, getting yourself a reseller account and giving him a separate cPanel account under it would be the minimum I'd consider.
    Chris

    "Some problems are so complex that you have to be highly intelligent and well informed just to be undecided about them." - Laurence J. Peter

  4. #4
    Join Date
    Aug 2009
    Location
    Montreal
    Posts
    1,606
    As foobic suggested, a reseller account would be a better option.
    CrocWeb :: Canadian Web Hosting
    Accelerate your website, maximum performance!
    www.crocweb.com :: Since 2009 (Montreal, Quebec)

  5. #5
    Join Date
    Apr 2009
    Location
    New York City
    Posts
    5,054
    I think a Reseller account would do you better than trying to do what your trying to do now. Also my question is, if you don't trust the person then why give him access to the hosting files threw FTP.

  6. #6
    Join Date
    Jul 2009
    Posts
    58
    Thanks guys for the response.

    Actually I do trust him, but working relationships may sour and computers may get compromised, so I just wanted to be ready in case any of these happen

    Ok I will explore a reseller account then as recommended

Similar Threads

  1. "owner" ID in ftp client -- security risk?
    By michael_maberly in forum Web Hosting
    Replies: 18
    Last Post: 04-10-2008, 07:13 PM
  2. SSH Access. How much of a security risk is it?
    By malcolmk in forum Hosting Security and Technology
    Replies: 26
    Last Post: 10-17-2004, 04:46 PM
  3. Security risk?
    By aloosenation in forum Hosting Security and Technology
    Replies: 65
    Last Post: 01-31-2004, 08:56 PM
  4. security risk
    By BalAncE in forum Hosting Security and Technology
    Replies: 2
    Last Post: 07-16-2003, 08:52 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •