However, doing SSH through corporate firewalls is usually difficult, or explicitely prohibited. Often solutions like SSH over AJAX are seen as gray areas (or prohibited), even when it's done in the clear.

Other fallbacks include:

• use a DVCS (eg. Git or Hg)
  1. make a local copy of my website
  2. modify it, checkin the changes
  3. push the changes back to the webserver, via any method that supports updates via HTTP or HTTPS
• use a DVCS, but store the website on a thumbdrive (or laptop), and don't sync over the network until you get home
  • This basically makes it undetectable to corporate IT that you're making updates.
    (for all but the most secure of environments, where flashdrive use and taking home laptops is extremely tightly controlled)
  • However, doing this indicates a willfull contravention of corporate policy.
    • As the saying goes, they never get you on the crime, they get you on the cover-up.
    • Regardless of the severity of the crime, trying to cover things up clearly demonstrates intent. In criminal jurisprudence, intent can increase the severity of an offense. However, proving intent is usually rather difficult, since it requires proving what is going on inside someone's head. The moment you cover something up, the question of intent is suddenly very clear. Which can mean that it almost doesn't matter what (or even whether) you did wrong, rather, it's presumed by most that you did do something wrong.
      • I think there's a sort of inverse Goldilocks thing going on here too — that there's a perception that people wouldn't cover things up unless they had something REALLY bad to hide, so people engaging in cover-ups are presumed to be doing something very bad, unless there's evidence otherwise.