I'm trying to take extra measures to protect my MySQL password.
As it stands, the password is stored in a php variable outside public_html, in a folder with a .ini.php extesion:
Given its location on the server, am I right in saying the following addition to my .htaccess would be redundant, or could it still help?
Deny from all
More generally, is there anything more I could do to help keep this password secure, given that MySQL won't accept a hashed password?