Translations:Manual:Securing database passwords/33/en

If you can't create any files outside of your webroot, you can still achieve some protection by going through the process above and using a filename like "$1" inside your webroot instead of "$2", as most webservers are configured to deny access to any files beginning with $3