I like the way you used encryption. I also often forget to lock the file when I only read it ;-)
This may be a silly question, and it doesn't mean to be ironic, but does encryption make a difference?
Indeed, having a text file with the db auth on the server is only slightly better than having it in a script within the web server realm.
But, if you bear with me, if someone gets access to that file, couldn't we assume that they also had access to the script? Also, given that the key has to be included somewhere, how hard would it be to figure out the whole thing?
Should we encrypt the auth by default for the sake of good security practice?
jayrom