Hiding MySQL Connection Credentials

[Agold]

Alright, first off, I'm fairly new to this aspect of web design. While I have been messing around and designing sites using your basic HTML/CSS/Flash for some time, I've decided to get into the more serious aspects of web design. As of right now, I'm using a fairly basic webhosting service that doesn't give me full administrative permission to MySQL because, as far as I can tell, the databases reside under their super-database and not on your actual allotted server. This creates a problem with creating a true MySQL database in which you set up users for their given tables you want them to be able to edit. Let me remind you here again that I am faily new to this aspect of web design, so maybe no one actually runs their databases in this way. My work around is to have the first table be the user/password table and only have a singular script that I call up every time my forms need to modify a table. I hide this small connection script in the root folder of my server where it is not viewable and just call it into my php scripts using 'include()' or 'get_file_contents.'

 

What I'm asking here I guess is if this method is secure? And if anyone has any other ideas as to how to go about creating this database. Thanks in advance!

[Eiolon]

Without knowing your directory structure, the connection script should be stored in the level above your public_html folder or it's equivalent (wwwroot for IIS).