I'm curious. How do you feel about having a scrambling algorithm
embedded in your application, but having the scrambled password publicly
readable in a config file? Does that seem secure? This is what you
have to do if you want your users to connect to different databases,
choosing their own password.
How would you deal with open source applications where the
scrambling/unscrambling algorithms would presumably be public? Are
there methodologies for developing custom algorithms that could be
triggered during builds?
>
> If it is encrypted within the source code then the only way to steal
> the credentials would be to reverse engineer the application.