How to secure database passwords in PHP?

Question

When a PHP application makes a database connection it of course generally needs to pass a login and password. If I\'m using a single, minimum-permission login for my applica

Answer 1

We have solved it in this way:

1. Use memcache on server, with open connection from other password server.
2. Save to memcache the password (or even all the password.php file encrypted) plus the decrypt key.
3. The web site, calls the memcache key holding the password file passphrase and decrypt in memory all the passwords.
4. The password server send a new encrypted password file every 5 minutes.
5. If you using encrypted password.php on your project, you put an audit, that check if this file was touched externally - or viewed. When this happens, you automatically can clean the memory, as well as close the server for access.