LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   Phpmyadmin only allowed from localhost - do I still need ssl? (http://www.linuxquestions.org/questions/linux-security-4/phpmyadmin-only-allowed-from-localhost-do-i-still-need-ssl-909565/)

Linuxstudent 10-22-2011 12:58 PM

Phpmyadmin only allowed from localhost - do I still need ssl?
 
Hi and thanks for reading my post.

I'm running a few webpages on apache 2 / CentOS 6. One of the sites has a public user login so I'm going to get an ssl cert for that one.

Three of the sites don't have user logins or details, however I'm using cmsmadesimple to cut down on my dev work and this stores a lot of information such as links and image paths in mysql.

So my question is, if the only way I'm accessing phpmyadmin is from my server
(deny, allow
allow from 127.0.0.1)
do I need to bother with ssl for the phpmyadmin site and the three sites which don't take end-user input? I assume the php process and mysql communicate securely via the kernel when they're both on the same server, so should my only security concern be those sites where user details are entered from a remote pc? ( I'm just concerned with the back-end here, I do secure my webforms vs sql injections etc.)

Noway2 10-22-2011 04:37 PM

For a connection that is only allowed from localhost (127.0.0.1) and on an otherwise secure machine, I wouldn't worry about SSL because the traffic is not leaving the machine.

Linuxstudent 10-23-2011 08:34 AM

Thanks for that, I thought this would be the case but it's nice to have it confirmed.


All times are GMT -5. The time now is 11:53 PM.