DJJONES

Hi, Forgive me if this has been asked a thousand times before, but I have looked for the answer and as yet … not found it. I have written a couple of mini PHP / MySQL applications where the data was not particularly sensitive, but nevertheless I a was uncomfortable with the standard: $server = mysql_connect($host, $username, $password) or die(mysql_error()); :which exposes a database user Id and password in the PHP script. I have searched for any indication that others are concerned and found nothing, I’ve seen advice that the User Id used to connect should have the minimum of privileges consistent with its needs. I agree but this is just reducing the scope of the potential issue not solving it. I feel very unsure about the idea of storing private or financial data in a database where the key has been exposed to anyone capable of getting read access to a source file on the web server. Can you reassure me or offer an alternative – any response will be gratefully received. DJJ