Permissions for index.php -- hide MySQL password?

Hello everyone,

I've installed PhpWiki on my project website at SourceForge
and I have to say, it is really terrific! Thanks to the 
development team for a job well done. 

I have a question about the MySQL password. I see that I
can put the admin password in index.php in encrypted form --
that's great. But can I also encrypt the MySQL password?

It seems like a security problem, since index.php must be
readable by the web server; it might be possible for anyone
with a login on the project servers to read the MySQL password.

I've read through archives for PHP, MySQL, and PhpWiki, but
there doesn't seem to be a definitive solution. It seems the
standard operating procedure is to ask the SF sysadmins to
"chgrp nobody index.php". Is there another way?

It may be not so much of an issue, since by design, a wiki
is pretty much wide open for abuse anyway. But it seems
like the MySQL-password-in-a-script problem must be 
generic to many SF projects that use MySQL.

How was this problem solved for the PhpWiki project
demonstration wiki?

Thanks for any light you can shed on this issue --

Robert Dodier

__________________________________
Do you Yahoo!?
New Yahoo! Photos - easier uploading and sharing.
http://photos.yahoo.com/


-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click