It's always bothered me that many PHP programs require the user to store the mysql password in plain text (in a string or constant) in a configuration file in the applicati
Besides storing this sensitive data properly, you should also create a separate MySQL user that has only the required privileges and restrict the access to the database/tables/views it needs to have access to. And since the database server is often run on the same machine as the web server, do also restrict the access to local accesses. So don’t use the user with root privileges if it just needs to read data from a single database/table.
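The least-privilege setup described in the answer above, as an added example that is not part of the original post. The database `shop`, table `products`, view `public_orders`, account name `shop_reader` and the password placeholder are assumptions chosen for illustration.

```sql
-- Hypothetical names throughout: database `shop`, table `products`,
-- view `public_orders`, account `shop_reader`.

-- 1. Create an account that may only connect from the database host itself.
--    'shop_reader'@'localhost' is a different account from 'shop_reader'@'%';
--    the host part is what restricts where connections may come from.
CREATE USER 'shop_reader'@'localhost'
  IDENTIFIED BY '<long-random-password>';   -- placeholder, generate your own

-- 2. Grant only what the application needs: read access to one table
--    and one view. No global (*.*) or database-wide (shop.*) grants.
GRANT SELECT ON shop.products      TO 'shop_reader'@'localhost';
GRANT SELECT ON shop.public_orders TO 'shop_reader'@'localhost';

-- 3. Verify the result. Expect USAGE on *.* (meaning "no global privileges")
--    plus the two SELECT grants and nothing else.
SHOW GRANTS FOR 'shop_reader'@'localhost';

-- 4. Audit existing accounts for the two problems the answer warns about:
--    accounts reachable from remote hosts (wildcard in Host) and accounts
--    holding powerful global privileges.
SELECT User, Host, Select_priv, Insert_priv, Update_priv, Delete_priv,
       Grant_priv, Super_priv, File_priv
FROM   mysql.user
WHERE  LOCATE('%', Host) > 0
   OR  Grant_priv = 'Y'
   OR  Super_priv = 'Y'
   OR  File_priv  = 'Y'
ORDER  BY User, Host;
```

With this in place, a leaked configuration file exposes read access to two objects from the local machine only, rather than the whole server.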