Hallo forum,

i have a remote server with a cms in php.
When i setup a local testserver i must every day download scripts, db's and other files to my local server.
I have seen that i can use ssh to connect to dbg session and i would use dbg on the production server.
Have someone experiences with running dbg on productions server.
is there a security risk or make this the server unstable.

Thanks in advance.

lars

As to stability, I don't know because I don't use DBG on production machines.

As to security, I don't think you take too much risk if you configure DBG to allow connections to "localhost" only, which in this case will be the endpoint of your ssh tunnel. Probably your PHP scripts will provide more and better exploitable attack vectors than the DBG extension

thanks mp for reply,

thats right, with ssh i use only the localhost connection to the server. other user can't see some vars (mysql-user or password) if they don't login into ssh-con ( i hope so ?!? ).

is the dbg extension everytime active or only if i connect to dbg session?
does dbg influences the server performance of the non debugged sessions?


thanks
lars

Dmitri should be able to answer that precisely.

I suspect that - besides from a neglectible overhead at request start-up - having the DBG extension enabled or not does not make a performance difference.

it's all time loaded but remains passive until debug session is activated.


Less than 1% for empty scripts (the shortest scripts) and much less for non-empty ones.

thanks mp and ddmitrie,

this will help me.
i try to use the dbg extension on my production server.

i will report.

thanks for reply and thanks for the dbg extension.


greetings from germany

lars