@Peter but then again you can host the web server and the db server on the same machine - and apart from where you're setting up a db master/slave setup you can have the db server running only on 127.0.0.1 - can't be visible on any physical interfaces when you nmap it...unless you can hack the web server and get to the CLI, which is another matter altogether :)