Ideally I would prefer not to have a password for a database in its raw form in a config file.
Is there a way that PDO MySQL connect accepts an MD5 or SHA1 version?
1) make the file only accessible to www-data.
2) never use a username/pw combo that has more privilege than needed (e.g. no GRANT, DROP, CREATE etc., only SELECT, INSERT)
3) make mysql only accept connections from 127.0.0.1
If someone has access to your box you have more problems than worrying about your applications db password.
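The three points above as a shell example, added here and not code from the thread. It assumes a Debian-style host where PHP runs as www-data, the PDO credentials live in a file outside the web root, and mysqld reads an INI-style my.cnf; the paths and the `app`/`app_user` names are placeholders.

```sh
#!/bin/sh
# Added example (not code from the thread). Assumes a Debian-style host where
# PHP runs as www-data, the PDO credentials live in a file outside the web root,
# and mysqld reads an INI-style my.cnf. Paths and names are assumptions.

WEB_USER=${WEB_USER:-www-data}

# Point 1: make the credentials file owned by the web server user and readable
# by nobody else. Needs root.
restrict_config_file() {
    chown "$WEB_USER":"$WEB_USER" "$1" && chmod 0400 "$1"
}

# Audit for point 1: return 0 only when the file is readable by its owner alone
# (mode 0400 or 0600). Uses GNU stat -c; on BSD/macOS use: stat -f '%Lp'.
config_mode_is_private() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
    case "$mode" in
        400|600) return 0 ;;
        *)       return 1 ;;
    esac
}

# Point 2 (and 3): print the SQL for an account limited to SELECT and INSERT on
# one schema, accepted only from the loopback address.
least_privilege_grant_sql() {
    db=$1; user=$2
    printf "CREATE USER '%s'@'127.0.0.1' IDENTIFIED BY '<set-a-strong-password>';\n" "$user"
    printf "GRANT SELECT, INSERT ON \`%s\`.* TO '%s'@'127.0.0.1';\n" "$db" "$user"
}

# Audit for point 3: return 0 when the [mysqld] section of the given my.cnf
# has bind-address = 127.0.0.1, so the server never listens on a public address.
mysql_bound_to_loopback() {
    awk -F= '
        /^[[:space:]]*\[/ { in_mysqld = ($0 ~ /^[[:space:]]*\[mysqld\]/) }
        in_mysqld && $1 ~ /^[[:space:]]*bind-address[[:space:]]*$/ {
            gsub(/[[:space:]]/, "", $2); if ($2 == "127.0.0.1") found = 1
        }
        END { exit found ? 0 : 1 }' "$1"
}
```

Run `config_mode_is_private /etc/myapp/db.php` and `mysql_bound_to_loopback /etc/mysql/my.cnf` from a deploy check; a non-zero exit means the file is world- or group-readable or the server is listening beyond loopback.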