This might be what youre looking for :
http://viralpatel.net/blogs/2010/12/pas ... ccess.html
How to protect the password?
Moderators: egami, macek, gesf
Ideally you want your connection information to be stored below the web root. Obviously if someone were to find a vulnerability in your code and trick it into exposing the variables it would still be found out.
The best practice is to create more than one MySQL user. The user that your script logs in as should have the least possible rights. It should also a password which is unlike any other. The user should be accessible only by the "host" that the website is running on. Often this is localhost.
Then even if I make your script somehow tell me the MySQL username and password it is little use to me as I am on a different host.
The best practice is to create more than one MySQL user. The user that your script logs in as should have the least possible rights. It should also a password which is unlike any other. The user should be accessible only by the "host" that the website is running on. Often this is localhost.
Then even if I make your script somehow tell me the MySQL username and password it is little use to me as I am on a different host.