(01-12-2014, 11:55 AM)Raz Wrote: PHP is PHP no matter where it's hosted, putting it on a remote server and tunneling the information back to the MySQL server and having the MySQL server on the same box as PHP have the exact same risks. PHPMyAdmin will connect to the same MySQL server regardless of where it's sitting so the risk is no more or less for it being installed locally, indeed the preference for it being local is to reduce data transaction latency since it won't have to tunnel to send/receive any data.PHP is PHP, yes... but it's a lot harder to exploit an insecure PHP client when you don't even know it exists or where it exists, especially if it's not running all the time and is inaccessible from behind a Router. If it's on the server, all you gotta do is compromise the software to gain PHP-level-access to the server! Then you have an attacker who effectively has access to any DB you're currently using in forums etc. on the same HTTP server.
SSH with RSA keys just means you can automate a lot of the work, indeed we automate a lot of processes such as offsite backups and RSA keys means there's never any passwords lying around.
Couldn't you just cron shellscripts for automation or do you need SSH access for stuff like backups?
Edit: Oh hey, 512th post \o/