On Jun 16, 2012, at 6:39 AM, Maciek Sokolewicz wrote:

On 16-06-2012 08:36, Karl DeSaulniers wrote:
Quick question phprz. Is it ok to put a token inside a define() statement?

define('TOKEN', $sometoken);

I guess what I am really after is if this can be read by a hacker?
I may be misguided as to what define()'s parameters are.
Once you define something it becomes a server variable?
And server variables are easy to read/get ?

If it is unsafe, what is the best method of storing/using a token so
that it can be called at will?
Kind of like a global, just more secure. Can you secure a define statement?


Karl DeSaulniers
Design Drumm

I don't think you understand what define does, or what a constant is.

The define function literally "defines" a constant. That is, it creates a constant in your script. A constant isn't a server variable, it's not some kind of special global whatever.

A constant is a kind of variable, but which is constant; that is, it can not change value once set. Constants in PHP look like variables, only without the preceding $-mark. They are not inherently safer or better than normal variables.

Now, the question we would all like to pose is: "what are you trying to do?". You say you're looking for the best method of storing/using a token to be called at will. Then of course a good question would be "what do you mean by 'token'?" and what do you want to do with that 'token'? Why is that 'token' so important to you?

Thanks for the reply. I had a feeling I was off-track.
I am using the token for a paypal verification. Paypals PDT.
Would like to know how to store safely in my config file to use in my scripts.

Karl DeSaulniers
Design Drumm

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to