NEWBIE: I have a security question:
When working with PHP or CFM and a database like MySQL or sequel server etc., it seems that a one method is to create a connection.php/cfm page to the database that will store the connection parameters such as username, password and URL ip in clear text and include this on various pages.
Since hackers seem to be getting better and better every day:
- Is this common practice to store this security data in the clear on the PHP/CFM webpage?
- Wouldn't it be possible for a hacker to SNIFF around and pick up this sensitive "clear text" security data?
- Is there some better, more secure way to communicate from the website to the data source that is somehow sending encrypted information rather than clear text back and forth?
Thanks in advance for your help.