LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
LinkBack Search this Thread
Old 10-22-2011, 12:58 PM   #1
Linuxstudent
LQ Newbie
 
Registered: Jul 2011
Posts: 19

Rep: Reputation: Disabled
Phpmyadmin only allowed from localhost - do I still need ssl?


Hi and thanks for reading my post.

I'm running a few webpages on apache 2 / CentOS 6. One of the sites has a public user login so I'm going to get an ssl cert for that one.

Three of the sites don't have user logins or details, however I'm using cmsmadesimple to cut down on my dev work and this stores a lot of information such as links and image paths in mysql.

So my question is, if the only way I'm accessing phpmyadmin is from my server
(deny, allow
allow from 127.0.0.1)
do I need to bother with ssl for the phpmyadmin site and the three sites which don't take end-user input? I assume the php process and mysql communicate securely via the kernel when they're both on the same server, so should my only security concern be those sites where user details are entered from a remote pc? ( I'm just concerned with the back-end here, I do secure my webforms vs sql injections etc.)

Last edited by Linuxstudent; 10-22-2011 at 01:00 PM.
 
Old 10-22-2011, 04:37 PM   #2
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,120

Rep: Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776
For a connection that is only allowed from localhost (127.0.0.1) and on an otherwise secure machine, I wouldn't worry about SSL because the traffic is not leaving the machine.
 
Old 10-23-2011, 08:34 AM   #3
Linuxstudent
LQ Newbie
 
Registered: Jul 2011
Posts: 19

Original Poster
Rep: Reputation: Disabled
Thanks for that, I thought this would be the case but it's nice to have it confirmed.
 
  


Reply

Tags
apache22, http, https, mysql, phpmyadmin


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Is it more secure to use SSL for connecing to localhost? teamanx Linux - Security 1 07-21-2011 05:26 AM
MySQL - phpmyadmin: Access denied for user 'test'@'localhost' kirby1111 Linux - Server 1 03-18-2011 09:09 PM
phpmyadmin and login via ssl skoinga Linux - Server 5 12-27-2010 04:53 PM
HELP FOR#1045 - Access denied for user 'phpmyadmin'@'localhost' (using password: YES) amritpalpathak Linux - Software 1 03-20-2010 05:35 PM
[SOLVED] Ubuntu Server edition 9.10, http://localhost/phpmyadmin = blank white page in browser VipX1 Linux - Server 13 12-19-2009 10:29 AM


All times are GMT -5. The time now is 08:18 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration