Re: [PHP] Re: define()

Sat, 16 Jun 2012 05:15:52 -0700 

On Sat, 2012-06-16 at 07:09 -0500, Karl DeSaulniers wrote:

> On Jun 16, 2012, at 6:39 AM, Maciek Sokolewicz wrote:
> 
> > On 16-06-2012 08:36, Karl DeSaulniers wrote:
> >> Quick question phprz. Is it ok to put a token inside a define()  
> >> statement?
> >>
> >> IE:
> >> define('TOKEN', $sometoken);
> >>
> >> I guess what I am really after is if this can be read by a hacker?
> >> I may be misguided as to what define()'s parameters are.
> >> Once you define something it becomes a server variable?
> >> And server variables are easy to read/get ?
> >>
> >> If it is unsafe, what is the best method of storing/using a token so
> >> that it can be called at will?
> >> Kind of like a global, just more secure. Can you secure a define  
> >> statement?
> >>
> >> TIA,
> >>
> >> Best,
> >> Karl DeSaulniers
> >> Design Drumm
> >> http://designdrumm.com
> >>
> >>
> >
> > I don't think you understand what define does, or what a constant is.
> >
> > The define function literally "defines" a constant. That is, it  
> > creates a constant in your script.
> > A constant isn't a server variable, it's not some kind of special  
> > global whatever.
> >
> > A constant is a kind of variable, but which is constant; that is, it  
> > can not change value once set. Constants in PHP look like variables,  
> > only without the preceding $-mark. They are not inherently safer or  
> > better than normal variables.
> >
> > Now, the question we would all like to pose is: "what are you trying  
> > to do?". You say you're looking for the best method of storing/using  
> > a token to be called at will. Then of course a good question would  
> > be "what do you mean by 'token'?" and what do you want to do with  
> > that 'token'? Why is that 'token' so important to you?
> 
> Thanks for the reply. I had a feeling I was off-track.
> I am using the token for a paypal verification. Paypals PDT.
> Would like to know how to store safely in my config file to use in my  
> scripts.
> 
> Karl DeSaulniers
> Design Drumm
> http://designdrumm.com
> 
> 


Store it in a PHP script outside of document root if you can, this
prevents it ever being seen if the server is misconfigured to not parse
php scripts properly.

Try to secure all the scripts on the site, as any of them could be a way
in, allowing someone to execute their own code on the server. This is
standard practice generally though.

-- 
Thanks,
Ash
http://www.ashleysheridan.co.uk

Reply via email to