database programming security

Hello,
This question has come up numerous times in my career, and I was
hoping some of you out there might have some additional insight.
Essentially, where should the username and password for a database be
kept for an external program that accesses it?
For example, let's say I have a compiled C or C++ program. Is it okay
to put the username and password in a #define? What's a common
solution for web apps that need to access a database?
I have no good solution for the compiled program. As for the web app,
I've been using a password file kept out of the web server's root. I
have no idea whether or not that is even remotely secure.
I appreciate your input on this topic,
Mick Charles Beaver
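
The password-file approach mentioned in the post, done from a compiled C program on a POSIX system, as an added example that is not part of the original message: the credentials are read at run time from a file outside the web root instead of a #define, and the loader refuses the file unless it is a regular file owned by the running account with no group or other access. The `user:password` file format and the names `load_db_credentials` and `make_sample` are assumptions made for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Read "user:password" from a file outside the web root. Returns 0, or -1
 * if the file is missing, not private to this account, or malformed. */
int load_db_credentials(const char *path, char *user, size_t ulen,
                        char *pass, size_t plen)
{
    char line[256], *sep;
    struct stat st;
    ssize_t n;
    int rc = -1, fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    /* fstat() the open descriptor so the file checked is the file read. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() ||            /* owned by the service account */
        (st.st_mode & (S_IRWXG | S_IRWXO)))  /* no group/other access */
        goto out;
    if ((n = read(fd, line, sizeof line - 1)) <= 0)
        goto out;
    line[n] = '\0';
    line[strcspn(line, "\r\n")] = '\0';      /* keep the first line only */
    sep = strchr(line, ':');
    if (!sep || sep == line)                 /* no separator or empty user */
        goto out;
    *sep++ = '\0';
    if (strlen(line) < ulen && strlen(sep) < plen) {
        strcpy(user, line);
        strcpy(pass, sep);
        rc = 0;
    }
out:
    close(fd);
    return rc;
}

/* Writes a constructed sample file for the demo; not a real credential. */
int make_sample(const char *path, mode_t mode)
{
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    fputs("appuser:example-password\n", f);
    fclose(f);
    return chmod(path, mode);
}
```

With the sample file at mode 0600 the loader returns the pair; the same file at mode 0644 is rejected before any of its content is read.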