Hey guys.
I'm building a an application where I want to store the users database connection parameters in the database itself, so they can pulled out into an included connect file when a DB connection is required. But how do I do this securely? If I md5() the parameters collected from the form in the admin area, before they go in, MySQL won't recognize them at connect time and report a connection failed error because of the mismatch, but storing them unencrypted in the DB is always hazardous (as far as I know, anyway)
Is there a way this is usually done? What would you suggest? A user could off course also hardcode the relevant connection parameters into the top of the connetion include file, and those variables could be md5'ed and compared to the md5'ed versions of the stored parameters collected through the form. If they match, the unencrypted version of the parameters from the includefile are used for connecting, but that isn't too userfriendly, and propably not too secure either.
Suggestions?
