web design/development & server passwords
... "handle server passwords for clients websites they are maintaining for extended periods - (with only one Web Designer/Developer maintaining, updating, providing additions, designing, developing, testing, etc. the website; & nothing in the website database, other that the (entire) website files alone)".
Years ago (up to 5 years back); I typically heard, was told & read either:
---- many, New Web Designers/Developers would use the same password their clients had; (where the client, not a Web Designer/Developer, would access the database freely to putter around in as they saw fit, during the timeframe the Web Designer/Developer was working on their website - believed to be a highly dangerous &/or foolhardy practice); while
--- many, Experienced Web Designers/Developers strongly advised against this; & typically, upon working on a clients site, would change the password until their work was completed; then would change it back to its original password when done.
(During that timeframe, the client would not have the new password; only the web designer/developer would, - but in the event of an emergency, could easily obtain it from the their websites host server administration, as the account was theirs).
If it was once in a while maintenance database changes, the password would be frequently changed back & forth; between the original (no maintenance going on) password - both the client & web designer/developer would have; & the new (maintenance/update) password - of which, only the web designer/developer would have. If it was heavily (weekly or several times a week for instance); would not change it back to the original password until completed or off the project.
Over the years have heard views of both sides; am curious of what opinions may be like now, of late - particularly with the way security, legalities, etc are today, & how its ensued since after 911.
Thanks for your input!
