Phpmyadmin only allowed from localhost - do I still need ssl?
Hi and thanks for reading my post.
I'm running a few webpages on apache 2 / CentOS 6. One of the sites has a public user login so I'm going to get an ssl cert for that one.
Three of the sites don't have user logins or details, however I'm using cmsmadesimple to cut down on my dev work and this stores a lot of information such as links and image paths in mysql.
So my question is, if the only way I'm accessing phpmyadmin is from my server
(deny, allow
allow from 127.0.0.1)
do I need to bother with ssl for the phpmyadmin site and the three sites which don't take end-user input? I assume the php process and mysql communicate securely via the kernel when they're both on the same server, so should my only security concern be those sites where user details are entered from a remote pc? ( I'm just concerned with the back-end here, I do secure my webforms vs sql injections etc.)
Last edited by Linuxstudent; 10-22-2011 at 01:00 PM.
|