in reply to Hiding Passwords
If you're just trying to prevent the casual user from seeing the password and then connecting to your db another way, a better approach is to lock down on the database server side. Create a stored-proc (or a view) that returns (or contains) just the data the script would return. Then grant your script user permission to access just that stored-proc (or view).
Trying to lock down the script is just not the right approach. Even if it was compiled (and the binary fit your size reqs), it would be in the text area of the binary (accessible via strings). You could obfuscate it but it will still go out on the wire unencrypted (unless you're going to encrypt the wire too).
If it's a web script, don't worry about it. Ensure your db is properly secured (à la para 1) and your web server is properly secured and your firewall is properly secured (all your onion layers) and just embed the password in the script. If everything is correct, just the web user would be able to read it and only your admins could become the web user.
If it's a regular script and you don't want to go to para 1 lengths, you could set up a PKI infrastructure but that's going to be way more time-consuming.
-derby
Update: FoxtrotUniform: Good idea, but I think the interface to the mysql connect needs the cleartext password (and even if it just needed the hash, you'd still have a problem 'cause then all I'd need is the hash - same problem, different format).
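The server-side lockdown described in the first paragraph of the reply above, sketched as an added example that is not part of the original post. It assumes MySQL 5.7 or later; the database `shop`, table `orders`, view `daily_totals`, procedure `totals_for_day`, account `report_script`, its host and the placeholder password are all hypothetical.

```sql
-- Added example, not from the original post. All object and account names
-- below are hypothetical.

CREATE DATABASE IF NOT EXISTS shop;

CREATE TABLE IF NOT EXISTS shop.orders (
    id          INT PRIMARY KEY,
    customer    VARCHAR(64),
    card_number VARCHAR(32),      -- sensitive column the script never needs
    total       DECIMAL(10,2),
    placed_on   DATE
);

-- The view contains just the data the script is meant to return.
-- SQL SECURITY DEFINER: it runs with the creator's rights, so the script
-- account needs no privilege on shop.orders itself.
CREATE OR REPLACE SQL SECURITY DEFINER VIEW shop.daily_totals AS
    SELECT placed_on, COUNT(*) AS order_count, SUM(total) AS revenue
    FROM shop.orders
    GROUP BY placed_on;

-- Stored-procedure variant of the same idea (single-statement body, so no
-- DELIMITER change is needed in the mysql client).
DROP PROCEDURE IF EXISTS shop.totals_for_day;
CREATE PROCEDURE shop.totals_for_day(IN p_day DATE)
    SQL SECURITY DEFINER
    READS SQL DATA
    SELECT placed_on, order_count, revenue
    FROM shop.daily_totals
    WHERE placed_on = p_day;

-- Account whose password ends up embedded in the script.
-- Restrict it to the host the script runs on.
CREATE USER IF NOT EXISTS 'report_script'@'app01.example.internal'
    IDENTIFIED BY 'REPLACE_WITH_SCRIPT_PASSWORD';

-- Too broad, what this setup replaces:
--   GRANT ALL PRIVILEGES ON shop.* TO 'report_script'@'app01.example.internal';

-- Least privilege: only the view and the procedure, nothing on base tables.
GRANT SELECT ON shop.daily_totals
    TO 'report_script'@'app01.example.internal';
GRANT EXECUTE ON PROCEDURE shop.totals_for_day
    TO 'report_script'@'app01.example.internal';

-- Verify: only USAGE plus the two grants above should be listed.
SHOW GRANTS FOR 'report_script'@'app01.example.internal';
```

Connected as `report_script`, a `SELECT` against `shop.orders` is refused while `shop.daily_totals` and `CALL shop.totals_for_day(...)` work, so someone who reads the password out of the script gets nothing beyond what the script already returns.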