I am curious if it is safe to use adminer.php to connect to my RDS instance and see raw data with RDS_HOSTNAME, RDS_PASSWORD and RDS_USERNAME ? Or is there any better way to access data ?
1 Answers
1
votes
Generally the problem with these kinds of tools is that people install them and leave them open to the world. Even without someone gaining the login credentials if they can access this interface there is always the chance for them to manipulate it. On top of that you would need to keep patching it frequently as new vulnerabilities are discovered.
Obviously if you are going to run the following should be taken into consideration:
- Run via HTTPS only
- Keep on a private instance with no public load balancers
- Keep tight security groups
Personally for my choice I always prefer to install a toolset on my local machine, and connect to the host over the VPN. By doing this I feel the risk of exposure is reduced.
