Manual talk:Securing database passwords

Insecure recommendations!
Everything I deleted from this page was completely wrong. If you set the owner of a file to be the webserver, it means that scripts and the webserver are able to change any permission at any time! Besides that, setting rights for the webserver to "read" does not hold it from reading the source and sending it out, so it's no fix. The most secure solution is to keep password out of the web root, to set password file's group ownership to that of the webserver, and to revoke all permissions from others. Please, don't set peoples installations at risk, when you don't know what you're doing writing silly instructions. --Bachsau (talk) 21:18, 30 September 2012 (UTC)