a better approach than storing mysql password in plain text in config file?

Question

It\'s always bothered me that many PHP programs require the user to store the mysql password in plain text (in a string or constant) in a configuration file in the applicati

Answer 1

If you're willing to trade off availability for file security, you could take the password out of the config file and require an administrator to type it in when booting and store it in a global variable.

You still have to make sure you're safe from injection attacks that could dump that variable out, and of course you have a manual step in the (re)boot process.