How can we store password other than plain text?
From the question it seems you need to store password in such a way, that it can be read and used in an automated transaction with another site. You could encrypt the password and store it encrypted in the file, then decrypt it using a key stored elsewhere in your system before using it. This makes difficulties to someone that gets access to the file from using the password, as they now have to find the key and encryption algorithm used, so they can decrypt it.
As defense, more lesser defense is always better than one strong defense that fails when breached. Moreover, I would also secure the file containing the password, rather than the password itself. Configure your webserver to disable possibility to serve the file containing the password, and try to set the process needing the file to run under a separate account, so you can restrict the access to the file to account running the process and admin accounts only.
I don't think you will find a foolproof way to do this. I would suggest a combination of things to achieve 'security by obscurity':
- store the password file on a different computer than the one which will use it
- store the file path in a separate config file on the app nachine
- use permissions to limit access to the config and password files to your process only
- audit file access if your system allows it (keep a log of who touched the files)
- give the folders and files innocuous names (/usr/joe/kittens.txt?)
- block physical access to the computer(s) (offsite hosting, or locked closet, or something)