On your "Connecting To Databases" documentation page
<http://www.php.net/manual/en/security.database.connection.php> you
mention establishing a connection over SSL or using SSH to encrypt the
network connection.
I would find the documentation for that page much more helpful if you were
to give an example each.
That depends on the db used. For example, mysqli can encrypt the connection
if the server is configured to do so (mysql >= 4.?).
To use ssh with a db that doesn't nativey support encryption, you can create
a ssh tunel, with 'ssh -L' (read the man page for more info).
Also, I assume that both of those security tips are only necessary when
the web server is different than the database server (i.e., when the
database server is not "localhost"). Would you please expand on that in
the documentation, too?
I really don't see a reason to expand that doc page. It says what you
can/should do, but you'll have to explore the features yourself.
Nuno
