if they can get into your server and read your scripts and have any kind of write access (either to modify the scripts or to put their own on the server), you're screwed. nothing you can do.

what we usually worry about is if someone manages to maybe exploit some other script or the webserver is misconfigured and they manage to view the source code of your script. if you've got your passwords hard coded into the script, they'll see them and be able to log into your database and break stuff.

the simple solution is to put your db username/password stuff in a config file and put it outside the webserver's document root.

you could probably come up with a more complicated solution using ssh with public key authentication and port forwarding with the secret key stored in memory and not on disk that would let you set things up so that the user that the webserver runs as could log into the db without a password (and hence it doesn't have to be stored on disk) but that would probably be more trouble than its worth and potentially require that someone is there to enter the password at startup, etc.

anders pearson