Possible Duplicate:
Is it ever ok to store password in plain text in a php variable or php constant?
I used to store my db credentials in a PHP file like this:
<?php
define('HOST', 'localhost');
define('USER', 'db_user');
define('PASS', 'user_pass');
define('DB', 'database');
?>
I use constants but in a recently project, one of the PHP coders said that storing db credentials into constants wasn't secure. I don't get it. I tried to find some information but nobody says nothing about this.
Is there any security risk in storing db credentials into PHP constants?