On Jul 11, 2009, at 5:47, Arjen Lentz wrote:
> When you think about it further, you'll realise that the point is
> fairly moot: if you create an MD5 or SHA1 from a password as a one-
> off operation, and use that, then that is effectively your password
> and that's as such no more secure than the original password, if
> someone were to get their hands on the config file.
If you don't trust the network between the app and the MySQL server,
use SSL.
If you don't trust the server where the app is running, the best you
can do is not have the password stored on the server and enter it
whenever you start the application.
- ask