Mike Rifgin

Reputation: 10745

ip whitelisting or run admin system locally only

This might be a stupid question but I need to explore every option and can't glean much from Google on this one. Hope this is not too conversational.

I'm considering options to secure my PHP/MySQL based admin system. One thing I've thought about is IP whitelisting with .htaccess and only allowing my client access:

allow from xx.xx.xx.xxx

But I'm wondering if another method might be to not have the admin system installed online at all. Would it be possible to run the admin php locally (using wamp) and then have it connect to a live database?

Is this crazy?

Upvotes: 1

Views: 133

Answers (1)

korius

Reputation: 359

Can I assume that your application is not hosted at your client's? Because if it is, then you can simply put the real application in a DMZ facing the internet and the admin application in the intranet without access from the internet.

If the application is not hosted at your client's, then your IP-based approach looks good. But you should not rely solely on the IP protection as an authentication mechanism; you should also secure the admin application with a login form asking for username and password. If you want to be super careful, you could consider using two-factor authentication (token or Google Authenticator).

As jraede already pointed out, a local install with a remote database would be a pain in the butt to maintain. Also (and foremostly) a remote database would imply that you need the database to be accessible from the internet. That should be a security no-go if you can avoid it.

Upvotes: 1
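The answer's advice to keep the IP restriction but not rely on it alone can be expressed directly in Apache configuration. The following .htaccess fragment is an added example, not part of the question or the answer: it combines the allowlist from the question (written in the Apache 2.4 `Require ip` form rather than the 2.2 `allow from` form) with an HTTP Basic login, so a request must come from an allowed address AND carry valid credentials. The addresses (taken from the RFC 5737 documentation ranges), the file paths and the realm name are placeholders.

```apache
# Added example for Apache 2.4 (mod_authz_core, mod_authz_host, mod_auth_basic).
# Assumes this file lives in the admin directory, e.g. /var/www/site/admin/.htaccess,
# and that the vhost grants "AllowOverride AuthConfig Limit" for that directory.
# All addresses and paths below are placeholders.

# Password login for the admin area. The password file is kept outside the
# DocumentRoot so it can never be served to a browser.
AuthType Basic
AuthName "Admin area"
AuthUserFile /var/www/site/.htpasswd-admin

# Both conditions must hold: an allowed source address AND a valid account.
# The IP check is a perimeter filter; the account is the real authentication.
<RequireAll>
    # Any one of the listed client addresses or ranges is acceptable.
    <RequireAny>
        # placeholder: the client's office address
        Require ip 203.0.113.10
        # placeholder: the client's VPN range
        Require ip 198.51.100.0/24
    </RequireAny>
    Require valid-user
</RequireAll>

# Apache 2.2 equivalent of the address filter, only if mod_access_compat
# is loaded; do not mix this with the Require block above on the same server.
#   Order deny,allow
#   Deny from all
#   Allow from 203.0.113.10 198.51.100.0/24
#   Satisfy All
```

Create the password file with `htpasswd -B -c /var/www/site/.htpasswd-admin adminuser` (`-B` selects bcrypt hashing on Apache 2.4). Two caveats a deployment check should cover: `Require ip` compares against the TCP peer address, so behind a load balancer, CDN or reverse proxy every request appears to come from the proxy and the allowlist silently becomes meaningless unless mod_remoteip is configured to recover the real client address; and Basic auth sends the credentials with every request, so the admin area must be served over HTTPS only. Neither of these replaces the answer's last point: the database itself should still listen only on localhost or a private network, not on an internet-facing interface.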
