I have a VPS account on which I set up a Linux server to host some customer websites, and to upload "previews" of websites before publishing them to the production server.
I develop the websites on my own machine (Windows) and do most of the testing there. Because of the difference in platform, sometimes problems appear on the Linux host, and I could use a debugging interface on that...
My question is how safe is it to have xdebug on a remote public server which would also be used for hosting production websites? Is it possible? Recommended? What do you think?
Thanks...
xdebug is perfectly safe on a remote instance as long as you set the xdebug.remote_host variable. Otherwise it is a MAJOR secuirty problem because it would allow the attacker to view any variable in memory during runtime. It could be used to obtain your mysql login or any other secret variables you may have.
edit: A VPN is a good solution to keep leaking sensitive data over the net in plain text.
XDebug is possible, but not recommended on production, as it can slow your application. You should think the other way round and use linux as a development machine. If you can't (or don't want) to switch to Linux you can stay on Windows and use a virtual machine as a linux development server. If you do, try to be as close as you can as the production environment : same linux distribution, same version of php.
I work on linux and so does everyone in my firm, and the recommended solution in my firm is LXC, a very light virtualization solution. By light I mean it won't take ages to refresh your working tree in your IDE, because you don't have to mount the working tree on the host: the guest filesystem is a subtree of the host filesystem. This way, I still can have an up-to-date fedora linux for my desktop, and develop on a debian with php 5.2 if I need to (and I need to). The thing is, when the virtual machine is configured for a given project, I can archive it and send it to a colleague that joins the project. This makes starting projects easier for newcomers.