Security concerns

[Kader]

Hi all

I am writing a mod which has to access the database.
Obviously I had to write something like:
$link = mysql_connect('host', 'root', 'password')
    or die('Could not connect: ' . mysql_error());

Now the script does what is supposed to do but obviously you wouldn't want the password to your database hanging around in a file!!!
What would you suggest apart from the following?
1. Changing the file rw permissions
2. Keeping it outside the web folder and link to it via a small php script only
3. Set up a mysql account with read/write privileges no more than what the script requires, to minimise the consequences.

Your support is very much appreciated.
Ps: How do the various forum scripts do this anyway in general?

[fwitt]

why not use SMF's database functions, off the top of my head i think the main one is db_query()

these use smf's security and dont require your password to appear in the code again.

I expect there is more on this in the modification boards

[Kader]

Thanx
I'll look that one up

[vbgamer45]

I say all three work well together. As long as they can not remotely access the database or write files on your webserver that you are safe.