How to hide MySQL user and password in php code?

[samansk]

When I write php code to connect to MySQL like this
<?
mysql_connect('localhost','useranme','password');

Have the best way to hide or encrype user name and password in this case.?

 

[rycamor]

In the above scenario, you as a user on the system, have access to your directory, say '/home/andreas' Inside there, you will have a directory for web-readable files, such as 'public_html'. Usually this is accessible to the outside world as

http://www.server_name.com/~andreas,

but it can also be its own domain in a virtual server setup.

The point is, the actual PHP files reside inside '/home/andreas/public_html'. If Safe mode is on, any PHP script executing in a user directory can not go outside of its own DocumentRoot (/home/*/public_html, defined in httpd.conf) to read files elsewhere. This keeps other users from executing malicious PHP scripts to chech out your data. That's Part 1.

Part 2 is, assuming the permissions on the server are set correctly, your PHP files should be readable only by you as the user in that directory, and user 'nobody' which is the Apache process.

So hopefully, this can provide a secure virtual server environment for multiple PHP users on a single server.