I'm looking for the best way to secure my password to my MySQL database that is part of my PHP query scipt. I have read a few ways to protect it:
-- Have the PHP script refer to the password in an include file outside of the web server document tree to prevent the code from leaking out to the client browser.
-- Have a "Read Only" user setup on the MySQL database to protect the database (someone may get in to the database but can't mess with it). With this approach I must ask my web hosting to do this for me and I'm not sure if they will.
Does anyone have any suggestions? I'm using PHP 4. Thanks. Mark
-- Have the PHP script refer to the password in an include file outside of the web server document tree to prevent the code from leaking out to the client browser.
-- Have a "Read Only" user setup on the MySQL database to protect the database (someone may get in to the database but can't mess with it). With this approach I must ask my web hosting to do this for me and I'm not sure if they will.
Does anyone have any suggestions? I'm using PHP 4. Thanks. Mark