How to "hide" the password that goes in mysqli_connect?

0
// Connection credentials hard-coded in the script
$server = 'exemplo.com';
$user = 'root';
$senha = '123';
$conexao = mysqli_connect($server, $user, $senha);

I know that the PHP page is not visible to the user, but nowadays, you can not underestimate the cracker. So I would like to know if there is a way to hide the password, so it will not be so easy to find out that my database's password is 123.

    
asked by anonymous 03.02.2017 / 21:31

1 answer

3

No need for this.

The people who can access the database connection configuration file (or any other part of the application that uses passwords or security tokens) should be those who are authorized to do so.

You do not need to focus on hiding the password in your script, but rather on increasing the security of your application.

The people who would usually be able to see the password in this database connection script (without authorization, I mean) are those who exploit programmer flaws (or sloppiness, so to speak). So if they can, for example, break into your server (via a backdoor, for example), they will probably have access to any files that are there.

It's no use trying to cover the sun with a sieve!

Some questions below will point out how someone could access your data through an attack:

Another detail: although the password "123" is only an example, this is also something you should avoid, because such a password practically gives away access to your system, since it can be easy to guess this password.

Is storing the password in an external configuration file really an option?

In one answer, one might suggest that it is a good idea to save the password configuration data to an external file. But to be honest, what's the point of it?

Suppose you do what was done in this SOEN response (save the password to an ini file). If the "cracker / attacker" has access to the server, he can simply do this in a file:

var_dump(ini_get("mysql.default.password"));

He would find the password the same way! So what good was it to use an external file to save the password if, at the end of the day, he would get the password anyway? You can change how the password is stored, but either way it needs to be returned somewhere. The attacker, who is not silly, will know that.

Some points of the question

  

I know that the php page is not visible to the user, but nowadays, you can not underestimate the cracker.

It was not the focus of the question to talk about server intrusion, but this is the only way for someone to figure out the password that is in the PHP script.

If you know that what is written in a PHP script is not visible to the user (the client, which uses the browser application), then what is your fear?

Do not worry about it. No one will have access to the script content.

    
04.02.2017 / 13:03
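
The answer's advice to secure the application rather than hide the password can be turned into a deployment check. The script below is an added example, not part of the original question or answer; the function name `audit_db_config()`, the ini keys `user` and `password`, and the 12-character threshold are assumptions made for illustration.

```php
<?php
// Added example: audit a database credentials file before deployment.
// audit_db_config() and the ini keys (user, password) are hypothetical names.

function audit_db_config(string $iniPath, string $docRoot): array
{
    $findings = [];
    $real = realpath($iniPath);
    if ($real === false) {
        return ["config file not found: $iniPath"];
    }
    $root = realpath($docRoot);
    // A file under the document root can be served as plain text by the web server.
    $prefix = $root === false ? null : rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($prefix !== null && strpos($real, $prefix) === 0) {
        $findings[] = 'config file is inside the document root';
    }
    // Any "other" permission bit exposes the file to every local account.
    if ((fileperms($real) & 0007) !== 0) {
        $findings[] = 'config file is accessible to all local users';
    }
    $cfg = parse_ini_file($real);
    if ($cfg === false) {
        return array_merge($findings, ['config file is not valid ini']);
    }
    $pass = (string) ($cfg['password'] ?? '');
    if (($cfg['user'] ?? '') === 'root') {
        $findings[] = 'application connects as root';
    }
    // Threshold of 12 characters is an assumption, not a value from the page.
    if (strlen($pass) < 12 || ctype_digit($pass)) {
        $findings[] = 'password is short or digits only';
    }
    return $findings;
}

// Constructed sample mirroring the question: root / 123 in a world-readable file.
$docRoot = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'audit_demo_' . getmypid();
mkdir($docRoot);
$ini = $docRoot . DIRECTORY_SEPARATOR . 'db.ini';
file_put_contents($ini, "host = exemplo.com\nuser = root\npassword = 123\n");
chmod($ini, 0644);

foreach (audit_db_config($ini, $docRoot) as $finding) {
    echo "FINDING: $finding\n";
}
unlink($ini);
rmdir($docRoot);
```

None of these checks hides the password from someone who already controls the server; they cover the cases where the credentials leak without such access.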