|
|
CPrompt
Maniac (V) InmateFrom: there...no..there..... Insane since: May 2001
|
posted 06-19-2005 14:34
Here's the deal. I got a call yesterday to reface a website. But, they also want to move hosts. They have a shopping cart that uses MySQL. So, I was wondering what method I could use to tranfer the shopping cart from one host to the next.
There is a little bit of tension between the guy that was doing it and the company. So, there may be some issues there. He has, up to this point not been willing to work with the company in moving the site over to the new host. They want to cut all ties to this guy.
He has an account through a host where he can host up to 6 websites with his account, so he's not really been willing to give any info out to get to the site even though the site was paid for by the company and is registered in their name. Seems to be a legal matter there. But, if I could get him to give me the info on the single account that would be good, but not sure if he will do it or not.
Right now they just have a shopping cart but they want to have a complete site *with* a shopping cart.
What I am wanting to do it just get the files from him and transfer the files to the new host and then get the database to dump into the database at the new host. Was wondering how that might be possible. I could give him the user and pass to the database at the new host and then change it afterword.
Any suggestions on how to get the info to dump from one host to another?
Thanks in advance!!!
Later,
C:\
|
WarMage
Maniac (V) Mad ScientistFrom: Rochester, New York, USA Insane since: May 2000
|
posted 06-19-2005 15:07
http://dev.mysql.com/doc/mysql/en/mysqldump.html
If you can not get that kind of access to the server, you can always try using phpMyAdmin, which has an import and export capabilities.
Dan @ Code Town
|
poi
Paranoid (IV) InmateFrom: France Insane since: Jun 2002
|
posted 06-19-2005 15:26
do you or the company have an FTP access to their site ?
From your description I doubt the answer is yes, but if it is you could well make a script to extract the list of the tables, their fields, etc... and dump the structure and datas of the database to transfert it to the new host.
Else the company is doomed, and will probably have to play it hard with the other guy to have an FTP access or a complete dump of their DB if he refuse ( or can not ) satisfy the first option. Unfortunately some legal threats are not to be excluded if he doesn't play fair..
MySQL stores the DB in some files, but I've never had a look at them and don't know if there's some kind of dependecies that forbid to copy few files and have them working with a mere restart of MySql.
However PhpMyAdmin can generate a dump of the structure and datas in SQL. That's the matter of few clicks and seconds/minutes to get the whole dump. You may have to tweak or split a bit the dump to make it work on a different version of MySql but it's more annoying than hard.
|
H][RO
Bipolar (III) InmateFrom: Australia Insane since: Oct 2002
|
posted 06-19-2005 15:40
Yeh maybe try and get him to give you a filedump of the SQL.. depending how big it is. I use phpMyAdmin usually and have had some trouble with getting large files back on there so that is a bit of a prick...
Anyway you go about it you need some sort of access from him - this is a good thing otherwise the security of all our sites would be doomed! :P
|
CPrompt
Maniac (V) InmateFrom: there...no..there..... Insane since: May 2001
|
posted 06-19-2005 23:44
|
H][RO
Bipolar (III) InmateFrom: Australia Insane since: Oct 2002
|
posted 06-20-2005 01:01
Goodluck there are plenty of pricks like that unfortunately. I handle all of my clients info for just about everything to take the hassle out - but if they need to tranfer somewhere I give them what they need. Luckily no one has transferred away from me yet :P. It will be a bit trickier with the new CMS i am developing - not sure what to do there i dont want to be giving the source out to people after all the work I put into it since its more a complete website builder... hmmm
|
CPrompt
Maniac (V) InmateFrom: there...no..there..... Insane since: May 2001
|
posted 06-20-2005 04:18
thanks H][RO. There are a lot of pricks everywhere I guess. Anyway......I've called 2 times and no answer back. I'll give him 2-3 more days and I'll let the company know I have tried but can't get in touch with him.
So.......I might be building it from scratch.
Later,
C:\
|
DL-44
Maniac (V) InmateFrom: under the bed Insane since: Feb 2000
|
posted 06-20-2005 04:50
With that type of person having access to such information......yikes....
Even if he does 'agree' to give up the info, I would certainly be careful to check that it is really intact (which, of course, is worth pushing your price up too!).
I would certainly suggest to the client that they get their lawyers ready regardless.
|
WarMage
Maniac (V) Mad ScientistFrom: Rochester, New York, USA Insane since: May 2000
|
posted 06-20-2005 04:52
The dump utility I liked outputs SQL, have him give you that and you just run that script on your server and you are gold.
Do not give him access. If he was worth his salt then he can have as much access to the system as he wants, even if you do change the password. You can not give him access like that. There are so many tricks, just don't do it. With user level access he could install any number of programs to root that box, and at the least own your account and all your other data.
Get him to make the dump and then give it to you. Make sure you then audit the file to make sure that nothing heinous is going in there.
There is always the lawyer if it comes right down to it.
Dan @ Code Town
|
H][RO
Bipolar (III) InmateFrom: Australia Insane since: Oct 2002
|
posted 06-20-2005 07:14
quote:
WarMage said:
There is always the lawyer if it comes right down to it.
Keep in mind if you have to goto these measures it may end up costing more than building a site from scratch, since you are doing alot of work on it anyway.
Since its a shopping cart i guess it depends how many products etc you ill have to fill in - im assuming the site is still up so you can grab the details by looking for it.
(you could probably write a parser to take the site in and get the data out of it straight into your database :P) but... hassle hehe
|
bitdamaged
Maniac (V) Mad ScientistFrom: 100101010011 <-- right about here Insane since: Mar 2000
|
posted 06-20-2005 07:40
You can also try opening some channels to the hosting company. They might not want to get involved but they might at least backup the data at least until you get this resolved.
It's hard to "prove" the data is yours (your clients) Do they have the domain registered in their name and some sort of written contract with this guy? That might give you some leverage with the hosting company
.:[ Never resist a perfect moment ]:.
|
CPrompt
Maniac (V) InmateFrom: there...no..there..... Insane since: May 2001
|
posted 06-20-2005 12:48
quote:
bitdamaged said:
Do they have the domain registered in their name and some sort of written contract with this guy?
Yes, the domain is in their name and they do have documents on what was done and what was not. They have reciepts on everything too. The have a good leg to stand on if it does go to court.
I was thinking about if he has total control over it now, that he might be able to do something to the SQL dump that would be "heinous". I have a feeling that it's going to come down to starting the site all over again and just changing the NS record to point to the new host. Seems the only way to really insure that this guy is not going to get access to anything. Just sucks because all returning customers will have to re-register. Plus the fact that he has access to their credit card numbers
Later,
C:\
|
poi
Paranoid (IV) InmateFrom: France Insane since: Jun 2002
|
posted 06-20-2005 22:41
quote: Plus the fact that he has access to their credit card numbers
What use could he make of some crypted credit card numbers ? I mean, they crypted, no ?
Btw if he has enough time and money to crack the encryption, then he surely don't need to steal those credit card numbers.
Regarding the DB, if you can at least retrieve the email of the customers, you could send them a new login and password.
|
CPrompt
Maniac (V) InmateFrom: there...no..there..... Insane since: May 2001
|
posted 06-21-2005 01:04
he set it all up so...........
I am thinking that they use GnuPG so he could decrypt it no problem.
Later,
C:\
|
H][RO
Bipolar (III) InmateFrom: Australia Insane since: Oct 2002
|
posted 06-21-2005 01:11
You would be suprised - I have seen websites that store straight out peoples CC details with no security..... very dodgey.. One reason why you should stick to sites that use verisign etc etc...
|
bitdamaged
Maniac (V) Mad ScientistFrom: 100101010011 <-- right about here Insane since: Mar 2000
|
posted 06-21-2005 01:32
Whether or not someone uses verisign has nothing to do with it. Personally I never permanently stored CC values in my shopping cart db permanently encrypted or not. I stored them long enough to do the transaction and then clear them just for this purpose I'd just store xxxxxxxxxx1234. You can always access your payment processor logs for confirmation.
Unfortunately there's no way to tell if someone is storing your CC data or not.
.:[ Never resist a perfect moment ]:.
|
H][RO
Bipolar (III) InmateFrom: Australia Insane since: Oct 2002
|
posted 06-21-2005 04:09
Well if you go through versign etc then you only enter your CC details on the verisign site - so you at least no that the website you came from is not storing your CC details because you never give them to the site.... so it does has something to do with it imo :P
|
CPrompt
Maniac (V) InmateFrom: there...no..there..... Insane since: May 2001
|
posted 06-21-2005 22:01
well, finally got in touch with him. Going to give me a dump of the database and send me all the files for the shopping cart. Should be right as rain. We'll see though
thanks for the help!
Later,
C:\
|