<span style="font-family: Verdana">In our web-based solution (PHP) the database credentials (username and password) are encrypted and </span><span style="font-family: Verdana">stored </span><span style="font-family: Verdana">by PHP as session variables.<br /><br />Yes, there is the risk that they could be read by someone who has access to the </span><span style="font-family: Verdana">Apache sessions </span><span style="font-family: Verdana">directory, but this user must also have access to the PHP scripts with the encrypt functions to get the decryption keys, and he must be able to work with this information.<br /><br />But I think this solution is much safer than storing or committing the credentials as clear text in cookies, hidden form elements or as sessions. <br />But
when you try to log in to the database, the credentials must somehow be cleartext, so you can't get rid of this lack of security </span><span style="font-family: Verdana">in my opinion.<br /><br />By the way, this is an *intra*net solution, and we don't have hackers in our staff, I hope...<br /><br />Ludwig</span>