2

I have an admin panel on my site, that enables me to control the content on my website. In order for the admin panel to achieve this, I must have a connection to the site's database.

I have two options for setting up my admin panel:

  1. Have the admin panel running on WAMP on my local PC, and SSH to the database on my server
  2. Host the admin panel on my server, meaning that I do not have to remotely SSH to my database

If I host it online, I can whitelist my IP to restrict access. If it's on my local PC, I will be the only person accessing it too. Hosting my admin panel on my server seems to be far more prone to attackers due to publicity; however I don't know for sure if that is true or not.

Which is more secure, and why?

dspacejs

3 Answers

1

That's the old dilemma Security vs Usability, and only you can answer this question. Having the admin panel on your PC only is surely safer, but having it on the server means that you can access it even when you're not at home. And that other people can, too; unless you whitelist the access IPs, which however will also prevent you from accessing it from everywhere.

We can't really decide this for you apart from suggesting to protect the panel with a strong password if you decide to host it on the server.

dr_
  • I was with you until you suggested using a password to protect the panel. Really, password protection, nowadays, should be only the last resort when nothing else is possible. – Stephane Jun 10 '15 at 09:43
  • Really? Passwords should be the default protection, not the last resort. What would you suggest instead in this case? – dr_ Jun 10 '15 at 10:03
0

I have recently had a similar issue to this with a small company I was working with. They recently had an e-commerce platform exploited through the administration endpoint (RCE) and wanted to make it inaccessible to anyone unless employed by them.

The solution that the client selected in the end was to run a VPN from their office and allow users to direct all traffic through their IP (static). This means you have 1 IP address in your whitelist, no maintenance for it... And unless the office internet goes down (which, touch wood, it hasn't as of yet) they can connect to it from anywhere in the world securely.

Aaron Dobbing
-1

What if you set up a VPN on the server, then only allow 'admin panel' access to VPN'd IPs... that way you have the security of VPN and the accessibility of anywhere.

brian
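An added example, not written by any of the posters above: a sketch of the server-side check behind "whitelist one static IP or the VPN subnet" for an admin panel, including the usual pitfall of trusting a client-supplied `X-Forwarded-For` header. The `/admin` path, the address ranges and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample values (documentation/private ranges, not from the page).
ADMIN_ALLOWLIST = [
    ipaddress.ip_network("203.0.113.10/32"),  # assumed static office / VPN exit IP
    ipaddress.ip_network("10.8.0.0/24"),      # assumed VPN client subnet
]
TRUSTED_PROXIES = [ipaddress.ip_network("127.0.0.1/32")]  # assumed local reverse proxy


def _normalize(addr):
    """Parse an address and unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(addr.strip())
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def _in_any(ip, networks):
    return any(ip in net for net in networks)


def client_ip(peer_addr, forwarded_for=None):
    """Return the address to authorize.

    X-Forwarded-For is client-controlled, so it is honoured only when the
    TCP peer is a trusted proxy. It is then read right to left, taking the
    first hop that is not itself a trusted proxy.
    """
    peer = _normalize(peer_addr)
    if not forwarded_for or not _in_any(peer, TRUSTED_PROXIES):
        return peer
    for hop in reversed(forwarded_for.split(",")):
        ip = _normalize(hop)
        if not _in_any(ip, TRUSTED_PROXIES):
            return ip
    return peer


def admin_allowed(path, peer_addr, forwarded_for=None):
    """Allow non-admin paths; allow /admin only from allowlisted addresses."""
    if not path.startswith("/admin"):  # hypothetical admin panel prefix
        return True
    try:
        return _in_any(client_ip(peer_addr, forwarded_for), ADMIN_ALLOWLIST)
    except ValueError:
        return False  # unparsable address: fail closed
```

An address filter like this narrows who can reach the login page; it sits in front of the panel's own authentication rather than replacing it.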