Hiding PHP db information

Submitted by admin on Mon, 05/31/2010 - 17:39

I've long been a fan of site-specific Apache config files for virtual hosts. Well, today I learned something very useful.

I was messing around with creating an OAuth (http://oauth.net/) test setup, and the demo I downloaded had an Apache config file like this:

<VirtualHost *:80>
        ServerAdmin admin@localhost
        ServerName oauth.home
        ServerAlias oauth2.home
        DocumentRoot /var/www/html/oauth/oauth-php-98/example/server/www

        UseCanonicalName Off
        ServerSignature On

        SetEnv DB_DSN mysql://oauthuser:oauthpass@localhost/oauth

        <Directory "/var/www/html/oauth/oauth-php-98/example/server/www">
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                Allow from all

                <IfModule mod_php5.c>
                  php_value magic_quotes_gpc                0
                  php_value register_globals                0
                  php_value session.auto_start              0
                </IfModule>

        </Directory>
</VirtualHost>

It was this line that interested me

SetEnv DB_DSN mysql://oauthuser:oauthpass@localhost/oauth

as it had never occurred to me to supply DB config in the Apache config file. I don't know if there are any performance issues which would arise from doing this as opposed to including it in a PHP file itself, but it certainly seems a lot more secure. I also like the PHP initialisation in there as well and will be using those two features myself at the next opportunity. All in all, very tidy, I thought.
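For the PHP side of that `SetEnv` line, here is an added example (not code from the downloaded demo) that reads `DB_DSN` and turns the URL-style value into PDO arguments. The function names `parse_db_dsn` and `db_connect` are hypothetical, and the use of PDO with the MySQL driver is an assumption.

```php
<?php
// Added example, not the demo's code: consume the DB_DSN that SetEnv exports.

/**
 * Split a URL-style DSN (mysql://user:pass@host/dbname) into PDO arguments.
 * Exception messages deliberately omit the DSN so the password is not echoed.
 */
function parse_db_dsn($url)
{
    $p = parse_url($url);
    if ($p === false || !isset($p['scheme'], $p['host'], $p['path'])) {
        throw new InvalidArgumentException('DB_DSN is malformed');
    }
    if ($p['scheme'] !== 'mysql') {
        throw new InvalidArgumentException('DB_DSN scheme is not supported');
    }
    $db = ltrim($p['path'], '/');
    if ($db === '' || strpos($db, ';') !== false) {
        throw new InvalidArgumentException('DB_DSN database name is invalid');
    }
    $dsn = 'mysql:host=' . $p['host'] . ';dbname=' . $db;
    if (isset($p['port'])) {
        $dsn .= ';port=' . (int) $p['port'];
    }
    return array(
        'dsn'  => $dsn,
        // Credentials may be percent-encoded inside a URL, so decode them.
        'user' => isset($p['user']) ? rawurldecode($p['user']) : '',
        'pass' => isset($p['pass']) ? rawurldecode($p['pass']) : '',
    );
}

/** Hypothetical helper: open a PDO connection from the vhost's environment. */
function db_connect()
{
    // Under mod_php, getenv() returns variables set with SetEnv for this vhost.
    $url = getenv('DB_DSN');
    if ($url === false || $url === '') {
        throw new RuntimeException('DB_DSN is not set for this virtual host');
    }
    $c = parse_db_dsn($url);
    return new PDO($c['dsn'], $c['user'], $c['pass'],
        array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
}

// Offline check using the sample value shown in the config above.
$c = parse_db_dsn('mysql://oauthuser:oauthpass@localhost/oauth');
echo $c['dsn'], ' as ', $c['user'], "\n";
```

Under mod_php the same value also appears in `$_SERVER['DB_DSN']` and in `phpinfo()` output, so the credentials are only as hidden as those are. Keep the virtual host file readable by root only and don't leave a `phpinfo()` page reachable.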