3 websites, 1 server?

https://forums.adobe.com/people/Rob+Hecker2  wrote Actually, multiple sites on a single web server is not the problem. Allowing other coders to access the account is the problem. They can f*k something up without your knowledge and then who has to resolve the issue? Then the finger pointing begins.

Yes, that was my biggest concern but hey-ho not sure I can do much about it. Take the money and run. I don't get much business once a CMS is deployed so if it works when I hand it off and later it stops working should I really care, it's not really under my management.

I had a recent example of this just the other day. The hosting company upgraded the server with something without informing anyone and the site stopped working and no it wasn't php 7 (this site is 4 years old and used the DW server behaviours in some sections). They denied all and blamed someone else for poking around in the cPanel changing database permissions. I discovered a bit of simple php code, totally unrelated to database permissions, that had worked for 4 years had stopped working, that doesnt happen unless the server set up changes in some way. Of course everyone denied responsibility. Thankfully it was simple to put the code right but yes it did fall on my shoulders, everyone else involved f•k up and walked away, as I usually find they do these days.

Ok so not really a problem apart from could be a bit open to 'abuse'.

Thanks Rob.

Os

With a cloud vps, like AWS, they can have one account with one set of resources (bandwidth, cpu, storage) but they can have multiple "droplet" that are basically separate little server instances. Each can even have a different OS (I think). That might be a way to keep the other developers out of your turf.

In the US, Linode is a good cloud VPS provider. In the UK I don't know.

I know this is going to annoy a few people Rob, but I have found the Microsoft Cloud services to be one of the best, even from the U/K.

pziecina  wrote The only times i have seen such a configuration, is when one person is managing all the sites hosted.

I didn't really want to see it. Maybe this one person WAS managing all the sites hosted, is not any longer.

If you do have any doubts about someone using your code, one trick I have seen some developers use recently was -

Create icons to use on the log-in page using svg.

Embed your name, or a code you would recognize as your own in the svg.

Make the name, code in the svg transparent, so no one will see it.

Convert the svg to base64 encoding.

That way, you can always check at a future date if another site is using your log-in page. They are unlikely to change the site structure, so the log-in page will be at the same relative position in the file structure.

To check if it is yours, you then just have to view source, then copy and decode the base64.

Its not ideal if you're writting some bespoke CMS as it leaves it wide open to copying by other developers who have access to work on site_B and site_C

This raises an interesting question, who owns the code?

Going back about 15 years, I created a web based Health and Safety System (SaaS) using ColdFusion and an Access (shudder) database. It worked well, so well in fact that the organisation decided that they wanted another two services based on the same system, Quality and Environment. But the development was to be done in-house by copying the code that I had painstakingly written.

I sought legal advice, to no avail, my code was being used by others.

Firstly, I am of course not a lawyer, though I have taken a couple of workshops on intellectual property and read a book on the subject.

In the US, by default the creator is the owner, not the client. If you create as an employee, then the employer is the owner. The best thing to do is make it clear in your contracts who owns what.

At one of the workshops I attended, the lawyer teaching the course mainly presented cases where one judge ruled one way and another judge ruled the opposite way on a similar case and the point was, there is no guarantee how the court will interpret the law.

When it comes to code it's so easy to steal. It would be silly to try to protect HTML, CSS, or even Javascript. At least with PHP it is hidden. Since PHP code isn't seen by anyone viewing a site, how can you be sure if they stole your code? There are some products that can encrypt code, but only the expensive ones work well. You can't compile PHP code.

Rob, that interpretation kept me from taking it further, especially when my legal adviser told me to stay away from medical and legal practitioners as they will both send you broke.

Just one point though, as an employee, the code belongs to the employer and, as it was explained to me, when developing a website, you are contracted by the client to do the job, or in other words, your are being employed by the client. See the similarity?

you are being employed by the client.

At least in the US, if you determine your own working hours, don't work at the client location, etc., then you are a contractor, not an employee. In some cases, the distinction becomes fuzzy. For instance, what if you work at the client location some times? This fuzzy distinction has caused UBER one hell of a pain in the butt recently as the courts have determined that UBER drivers are indeed employees.

Another thing about intellectual property disputes is the question of filing ownership. Putting a copyright symbol on a web page or a TM next to your company name is cute, but means very little. One must actually file the copyright, trademark or patent.

BenPleysier  wrote Its not ideal if you're writting some bespoke CMS as it leaves it wide open to copying by other developers who have access to work on site_B and site_C This raises an interesting question, who owns the code?

In this case i'm not particularly worried as the coding is nothing special. If I had written something more complex which could then be scaled up for  numerous other companies in the same sector to use I would'nt even contemplate the idea of  a shared environment.

What worries me more is as Rob pointed out if another web-developer was aggrieved at losing the work but still had access to manage the remaining sites. They could effectively mess everything up. I think in that case once bitten twice shy, it would be time to point the domain at a more 'secure' set up.

The information in the database could easily be recreated if it was sabotaged but it would still cost time and money to recreate it. I'd have a back-up copy of the main files so it would just mean transferring to another environment, recreating the database at a cost to client.

I could put all this down in writing but 1) I don't think the client ever reads anything and doesn't give a toss until something stops working 2) I don't want to apppear paranoid which I mostly am