Oh boy, I was really tired yesterday when I replied to your question.
I had spent the day looking a logs that when you said your script logged onto a database, I just took it as if what you needed was to write log info, hence the insert permissions on a single table.
Having DB credentials spread around is a natural concern, and as others already said, there is no absolute truth about hidding them on your scripts.
To that concern, I'm still of the opinion that part of the solution is on the DB side.
Depending on the work that the script is supposed to do, the user it uses to log into the DB should have strict access policies.
So, if it has to read information, it should have access only to views to the information. If it needs to write, it should talk to some stored procedures that actually work on the affected tables.
This would make things safer, as that user has limited possibilities of messing around with the DB.
This will not be possible on all databases, but where possible, you have an alternative or second level of protection if used together with the other solutions. | [reply] |