On 24/03/08 19:47, Dan MacNeil wrote:
I'm curious as to how other people handle customers running cracked sites.
This seems a fair and responsible action on your part to me.
They want access to the original installation in a .htaccess protected directory so their "security expert" can find and fix problems.
I think their request is reasonable, and they should be allowed the opportunity to rectify the issue by whatever means they choose - whether or not their proposed method of solving it is practical or not is not your responsibility. I would say that, provided you specify that you will not allow public access to their site until you have confirmed that the changes they have made have resolved the vulnerability, you have done your part and the ball is in their court.
http://www.solutium.net - Going the extra mile to provide a fast, helpful, reliable Web Hosting service.