Habbox/HabboxLive/HabboxForum access for Site Coders

[Jin]

K thread closed because most of the things said here are worthy of the extra chromosome award "/

So allow me to correct you:

• Correction number 1 - Just because you have access to one folder does mean you can access everything or take down a whole server - A properly configured server won't allow anyone to stray out of their directory and it will terminate any script that is trying to run away with resources. Why is this? Oh because of something called shared hosting where 1000's of separate users run on the same machine so if one **** decides to try and run a script to take down the whole server why should they be able to do so and take down the other 999 customers?
• Correction number 2 - Just because they can program doesn't mean they need access to the entire site directory - So just because I am a programmer I should have the right to access every single file on the site? Despite the fact that the applications I work on don't even concern the files in the other directories? It only takes one rogue line of code to really screw things up for people, for example vBulletin. By including 2 lines of code into the login.php file I can create a condition where everytime someone logins succesfully their username and plaintext password is written to a .txt file or even emailed to a private email account.
  
  Not only does that compromise the security of admins of the forum but also the users because I wonder how many people on this forum use the same password for habboxforum and something else such as their email address or habbo account. As soon as you have compromised someones email account you can get hold of every little detail about them including paypal accounts, home address, mobile numbers, home numbers, photos, schools etc.
  
  The worst part is it would be that the changes would be undetectable without having to create a script to compare the checksum of each file on a daily basis to check for modification.
• Correction number 3 - One rogue site coder will mean that we have no idea who to blame or fire or what to restore - Even if one person compromises habbox.com we wouldnt be able to track what was changed so that would mean we would have to restore the whole of an entire site to what it was the day before. If they had access to all 3 sites then we would have to restore all 3 sites as who knows what they have done to the other sites such as opening a backdoor or uploading a shell. By limiting them down to directories we reduce our workload in case of a problem unfortunatly some powermad children are a bit too stupid to realise this.
• Correction number 4 - You seriously need to be a moron to give out access to areas which are not needed - Computer Security 101, limit access to what is neccessary. Nobody apart from the person who needs to update the software or configuration file needs root access. Jamesy has it to the forum, Oli has it to all cpanels, Matt has access to the account root and me, sierk and the other server techs have access to the server root.

• Correction number 5 - Members do not have the right to dictate what permissions or access we give out - Sorry but this is a certain area where we are FAR more experienced than you and don't care for your opinion because we are acting out of what we have learnt from in the past right from the >Max< ordeal, through the krews.net issues to what we have today. If you don't like it, tough because frankly you don't pay the bills.

This may sound harsh to you but it is simply because I am sick and tired of listening to crap from half wits that think they know what they are talking about when they really don't especially when they are so adament to give their 2 cents on matters that don't concern them because they somehow think they are entitled to patronize us on every matter of how we do things here. If you don't like this then thats fine but you will have to live with it because I am not shedding tears for the ungrateful or as I see them the pointless.