MYSQL passwords in php files

Anon

Is there any way that the mysql password doesn't need to be stored in plaintext in my php files? I can't think of one, but I just thought people on the same server as me may be able to view my php sources by using fopen with "/home/mydir/somefile.php"...

Anon

You could have your scripts ask for the password to be input, although you probably don't want to do this for public pages.

What you should do is create a user with select only privleges and use that user in all of your public pages, and create another user who has full privleges and make your insert/update/delete scripts ask for the password to be input and pass that around in a session. That way your all access password isn't stored on the system.

Anon

So it's pretty much a no? I don't wanna be screwing around with users, I just thought there may be another way than plaintext passwords, but I just realised if there was, other people on my server could just use that method anyway!!

Thanks,

Danny