PHP and encryption...

Started by
2 comments, last by doctorhair1 17 years, 7 months ago
Is it even worth encrypting a file that contains data for the username and password for your database in a product? I mean you have to have a way for the engine to decrypt the file and then if someone can steal your db settings file (dbheaders.php or whatever you want to call it) then chances are they can steal your engine file that has the feature to decrypt your settings. Any ideas or better options?
If you have a decent host you should be able to restrict database access to the local server and/or specific IPs that you choose to allow.
That is only an issue with security through obscurity. Use a standard encryption algorithm (or even a one-way hash) to store critical information in the database. This way, knowledge about the encryption scheme does not really help unless the attacker manages to find the key/salt or reverse a hash function.
Ok, but let's say they log in to the user's phpMyAdmin with the settings they stole from the settings.php file and log in with root access and then go to the SQL query and type in DROP TABLE TABLE_NAME_HERE; Since this is going to be distributed globally, that could be a problem since I don't know every user's security levels. And yes, it would be pointless for them to try and break through my md5 hash; however, they can still execute db commands. Oh well, I guess I'll just live with the hash method.
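
Added example, not part of any post in this thread: the host restriction suggested in the first reply, combined with a reduced privilege set so that the credentials kept in the settings file cannot run DROP TABLE. MySQL syntax; the names `app_db`, `app_user`, `app_installer`, the address 203.0.113.10 and the password placeholders are assumptions.

```sql
-- Constructed example: every name, address and password below is a placeholder.

-- Runtime account whose credentials go into the settings file.
-- 'localhost' as the host part means the login is refused from any other
-- machine, even when the username and password are known.
CREATE USER 'app_user'@'localhost'
    IDENTIFIED BY 'REPLACE_WITH_GENERATED_PASSWORD';

-- Row-level privileges only: no DROP, ALTER, CREATE or GRANT OPTION.
-- Note that DELETE still permits removing rows in app_db.
GRANT SELECT, INSERT, UPDATE, DELETE
    ON app_db.* TO 'app_user'@'localhost';

-- If the web server runs on a separate machine, name its address
-- instead of 'localhost' (never the wildcard host '%').
CREATE USER 'app_user'@'203.0.113.10'
    IDENTIFIED BY 'REPLACE_WITH_GENERATED_PASSWORD';
GRANT SELECT, INSERT, UPDATE, DELETE
    ON app_db.* TO 'app_user'@'203.0.113.10';

-- Schema changes use a second account during install or upgrade only.
-- Its credentials are entered by the administrator and are not stored
-- in the distributed settings file.
CREATE USER 'app_installer'@'localhost'
    IDENTIFIED BY 'REPLACE_WITH_SECOND_PASSWORD';
GRANT CREATE, ALTER, DROP, INDEX
    ON app_db.* TO 'app_installer'@'localhost';

-- Checks an administrator can run after installation.
-- 1. What the runtime account is allowed to do:
SHOW GRANTS FOR 'app_user'@'localhost';

-- 2. Accounts that accept connections from any host:
SELECT user, host FROM mysql.user WHERE host = '%';

-- 3. Accounts holding DROP globally or on the application database:
SELECT user, host FROM mysql.user WHERE Drop_priv = 'Y';
SELECT user, host, db FROM mysql.db
    WHERE db = 'app_db' AND Drop_priv = 'Y';
```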
