Is it ever ok to store password in plain text in a php variable or php constant?

Question

As per question, is it safe to store passwords on php pages such as

$password = \'pa$$w0rd\';

If the users can\'t see it, it\'s safe, right

Answer 1

I belive that most of the times plain text password would be database password as MySQL, for exmaple, won't accept hash for authentication.

As mentioned before best solution is to keep PHP config file with password outside the webroot.

If you are worried that someone may see your password while you viewing the file you can simply make it unreadable for human using base64 funciton.

See this post for details and even small utility for Windows, Linux and Mac that makes it easier.