Novice Security Questions

TheSpeedOfDark

When confronted with functions requiring sensitive data:

(Connecting to a database that requires authentication,
connecting to an FTP, etc)

what is the ideal and 'standard' way to do this? You need to supply plaintext to the functions, which is what i'm doing now, but I'd assume reading this in from a file is better. I could put a login file in the same secure directory as the php script, however I feel that even that might not be 'ideal'. Should some sort of encryption be used? I wanted to know what the experts do.

Thanks a lot!

drawmack

I usually store my db authentication variables in a php script. If the hacker has compromised by server to the point where they can see inside my files then they can access my db-anyway.

TheSpeedOfDark

Great thanks, maybe i'll stick with that.
Any other suggestions on security? Or experiences anyone has had with name/password authentication in plaintext?