I'm assuming the sysadmin cannot/would not edit the source?<p>If that's the case, a solution like IonCube might do the trick. Just make sure PDO connection errors aren't displayed/logged, since they may contain connection info.<p>You can also try restricting the sql user's access to the server's IP, but it still may be possible to connect directly from the server itself.<p>If the sysadmin can't access the db, who's managing the db server?