Securing MySQL Password with PHP

Anon

I'm looking for the best way to secure my password to my MySQL database that is part of my PHP query scipt. I have read a few ways to protect it:
-- Have the PHP script refer to the password in an include file outside of the web server document tree to prevent the code from leaking out to the client browser.
-- Have a "Read Only" user setup on the MySQL database to protect the database (someone may get in to the database but can't mess with it). With this approach I must ask my web hosting to do this for me and I'm not sure if they will.
Does anyone have any suggestions? I'm using PHP 4. Thanks. Mark

jsagara

I have used #1. Just make that others can't read what's inside your include directory.

[deleted]

I'd use both; hide your password file, AND give the user only as many rights as he needs. If you have five applications that use five different databases, make five different users that can each only work with their own database.

There was a very clever method of hiding passwords using apache server variables that were read during startup, and were only available to each virtual host. It was posted on this forum a long time ago, but I can't find it anymore.
If anyone has it, drop me a line please? :-)