Where to store database login credentials for a PHP application

Question

We have a development server and a live server with different database connection details (username, password, etc).

Currently we\'re storing BOTH the database conne

Answer 1

I recently had to deal with this issue, and what I did was create two new database users. The first had no privileges at all, other than read privileges on tables in his own schema. The second had insert privileges to a "load" table I would be populating with my code.

The unprivileged user got a "credentials" table in his schema, which held the credentials and password of the insert user (along with some other parameters I needed for my app). So the code only contained the credentials for the unprivileged user, hard-coded and changed periodically, and at runtime it would look up the credentials it needed to do inserts. The lookup took place behind our firewall, between servers, so it wasn't something an outsider could eavesdrop on.

It wasn't developers I was worried about, it was outsiders and power users, who could theoretically gain access to the web server and peek at ini files. This way, only developers and DBAs could snoop (and we all know each other). Anyone else would have to figure out how to query the database, figure out what SQL to use, figure out how to run code... Not impossible, but certainly a gigantic multi-step pain in the butt and not worth it.

Pretty safe -- in theory, anyway...