The server will still need the password in the clear to apply to the database.
So when encrypting the password will have everything needed to decrypt the keep on the same server.
The result is not security, and profanity.
The password database doesn't protect against server administrator, it protects the user from the web server. To do this, encryption is not required.
dave.Murr answered on July 9th 19 at 13:56
Usually do not bother with this and keep all the passwords in clear text in the config file. The main thing that he is not easily flowed (there were no debug pages that merge the code or not to keep the passwords in the code). But if the app is hacked, the passwords are usually without a difference: they through it and do what you want.
See where and how well-known frameworks store passwords.
I think in such config.php the file (the source file could not be read in a browser).
Most often this is enough.
You can come up with innovative solutions, including to the password on the disk is not stored.
But not sure that is reasonable in the average case.