This "question" is a bit different in that I'm not trying to solve a specific problem where I don't already have a solution. Instead, I'm looking for informed opinions.
The issue is that for a CGI to access a database, it needs login information (user name and password) for that database. Of course, we don't want to expose the login information to the public.
I read about one solution meant for Apache running on a *nix system (such as Linux). This solution is to store the login information in a file that is:
- Not in the server's directory tree.
- Has a .php extension so the PHP processor will process the file before it's served.
- Is owned by the web server.
- File permissions are 400 (-r--------).
- Is in a directory owned by the web server.
- File permissions for the directory are 500 (-r-x------).
Of course, if the server's root account is ever compromised, none of this matters. (However, I'm looking at this problem from the perspective of the developer and not the person who is responsible for protecting the server from O/S level attacks.)
I'm also assuming that the login and password are otherwise difficult to guess. A discussion on that might be warranted, but it is outside the scope of this post. (Assume the login and password were assigned in a competent fashion.)
Opinions? Comments? Ideas?
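
The checklist in the post can be verified mechanically at deploy time. The following is an added example, not part of the original post; the function name `audit_credential_file` and its arguments are assumptions chosen for illustration.

```python
import os
import stat
import sys

def audit_credential_file(cred_path, docroot, owner_uid):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    real_cred = os.path.realpath(cred_path)   # resolve symlinks first
    real_root = os.path.realpath(docroot)
    parent = os.path.dirname(real_cred)

    # 1. The file must not be reachable under the document root.
    if os.path.commonpath([real_cred, real_root]) == real_root:
        findings.append("file is inside the document root")

    # 2. A .php extension, so PHP processes the file instead of serving it raw.
    if not real_cred.endswith(".php"):
        findings.append("file does not have a .php extension")

    # 3. Owner and exact mode of the file (400) and of its directory (500).
    for label, path, want in (("file", real_cred, 0o400),
                              ("directory", parent, 0o500)):
        st = os.stat(path)
        mode = stat.S_IMODE(st.st_mode)
        if st.st_uid != owner_uid:
            findings.append(f"{label} owner is uid {st.st_uid}, expected {owner_uid}")
        if mode != want:
            findings.append(f"{label} mode is {mode:03o}, expected {want:03o}")
    return findings

if __name__ == "__main__":
    # usage: audit.py <credential file> <document root> <web server uid>
    cred, root, uid = sys.argv[1], sys.argv[2], int(sys.argv[3])
    problems = audit_credential_file(cred, root, uid)
    for p in problems:
        print("FAIL:", p)
    sys.exit(1 if problems else 0)
```

Paths are resolved with `realpath` before the document-root comparison, so a symlink from inside the web tree to the credential file's real location does not change the result for the file itself.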