I'm looking to deploy infrastructure for a web application that will live on a LAMP stack. The infrastructure is such that this is the only application that will ever live on this server and it must be as secure as possible.
Traditionally, we deploy a front end server in a DMZ and have a DB server on a segregated network, and between them is a firewall rule that only allows TCP 3306 calls from the web server back to the database server. When multiple applications live on a server, I see the relevance there: if one application/site gets compromised, then the potential exists to quarantine the damage to that application and the credentials that have been harvested.
With a single web application I'm struggling to see how this might provide a security benefit. In theory, if your web server gets compromised, then people will have access to the DB credentials the application uses, at which point it's game over, right?
From a strictly security perspective, what are the major reasons to split the application into front and back end servers?