I know there are several ways to handle the security issue of keeping database passwords safe from hackers. But which is the best method to use in a shared hosting situation?
Is it better to store the database user name and password in an include file in the home directory, above the public directory, so that they're not accessible from That's what I've done in the past, but now I'm not positive that's the best approach. Would it be safer to put them in a directory within the public directory, and password protect it with .htaccess? I'd think either of the above two approaches would make the info available to those on the same server. Or maybe it's just better to include them on the PHP page itself and try to encrypt it? I've heard Zend is good to use, but it's a little pricey for my needs. <g>
Any thoughts on the subject?
Thanks!
Susan
Is it better to store the database user name and password in an include file in the home directory, above the public directory, so that they're not accessible from That's what I've done in the past, but now I'm not positive that's the best approach. Would it be safer to put them in a directory within the public directory, and password protect it with .htaccess? I'd think either of the above two approaches would make the info available to those on the same server. Or maybe it's just better to include them on the PHP page itself and try to encrypt it? I've heard Zend is good to use, but it's a little pricey for my needs. <g>
Any thoughts on the subject?
Thanks!
Susan