Paypal has mentioned on several occasions not to include username, password and signature in a web document. What is the most secure method for storing this n a shared environment?
Will i need PHP class variables set to protected, store it in a DB or have to store it in another location?
Hope someone can clarify.
Thanks
People always answer this question the wrong way. This isn't about securely storing usernames and passwords in a database. It's about securely storing the credentials an application uses for connecting to various resources (eg: Database Server, PayPal API's, etc).
Standard practice is to parameterize your code, so that it reads these credentials from an external file. This file in turn will become the responsibility of the the system administrators, who will be in charge of encryption / security for it.
This thread has some good info on it: How to secure database passwords in PHP?