01-13-2014, 03:08 AM
(01-12-2014, 08:41 PM)Phaze Wrote:(01-12-2014, 11:55 AM)Raz Wrote: PHP is PHP no matter where it's hosted, putting it on a remote server and tunneling the information back to the MySQL server and having the MySQL server on the same box as PHP have the exact same risks. PHPMyAdmin will connect to the same MySQL server regardless of where it's sitting so the risk is no more or less for it being installed locally, indeed the preference for it being local is to reduce data transaction latency since it won't have to tunnel to send/receive any data.PHP is PHP, yes... but it's a lot harder to exploit an insecure PHP client when you don't even know it exists or where it exists, especially if it's not running all the time and is inaccessible from behind a Router. If it's on the server, all you gotta do is compromise the software to gain PHP-level-access to the server! Then you have an attacker who effectively has access to any DB you're currently using in forums etc. on the same HTTP server.
SSH with RSA keys just means you can automate a lot of the work, indeed we automate a lot of processes such as offsite backups and RSA keys means there's never any passwords lying around.
Couldn't you just cron shellscripts for automation or do you need SSH access for stuff like backups?
Absolutely, and in our case we don't even use PHPMyAdmin in favour of command line MySQL from SSH and the MySQL Workbench application. If you're talking about a production hosting environment though then you're going to need PHPMyAdmin and it's going to need to be available all the time and be public facing.
My preference is running it and changing the alias to something that is not /phpmyadmin or /pma. I would also use fail2ban to pick up any brute force attempts and IP ban clients that are caught doing so, the same system I use to ban SSH and webmail brute force attempts.
Like Petie said, we do use cron in our backup utilities but since we have offsite backup included in to the mix we require SSH on both the production and backup servers. We also have access to a third FTP backup server which is offiste and has been disallowed access other than by the production server IP, I also disabled password based authentication after I set up RSA key based authentication to this server.