What's best way to secure a database connection string?

Question

I am writing a set of database-driven applications in PHP. These applications will run on a Linux server as its own user. Other users will likely be on the system at times

Answer 1

If the machine really is being administered in the traditional Unix fashion, where J. Random user isn't off su-ing to root all the time, I'd say that filesystem permissions are your best bet. If someone gets unauthorized root access, no amount of encryption silliness is going to "secure" the connection string.

I'd mark the files w/ the connection string as owned by the "script user" and give them access as you describe.

(Bravo for realizing that encrypting the connection string doesn't buy you anything, in this example. Security through obscurity is counter-productive.)