This is probably quite a trivial question for anyone massively up on their security, but we’re having a bit of a ‘mare here trying to come up with a sensible solution.
We’ve got a CMS that has a central database that stores all of the core CMS data, then a separate database for each client that contains tables such as page, events, news and the like.
In the pursuit of security we have a cms MySQL user that is only allowed to manipulate the central database, and a user set up for each of the individual client databases (which are obviously only allowed to view and edit their own database).
Now, when a new user builds their site using the system, a database is dynamically created for them, and a user is created for them so that their log-in can access said database.
Cutting to the chase: The database has to be created and the privileges granted by a user with rights to do these actions. Where is it best to store the login information for this super-user as to provide the utmost security? Sticking it straight in the PHP code is obviously a bad idea!