Re: [PHP] Re: define()
On Sat, Jun 16, 2012 at 7:17 AM, Ashley Sheridan wrote: > On Sat, 2012-06-16 at 07:09 -0500, Karl DeSaulniers wrote: > >> On Jun 16, 2012, at 6:39 AM, Maciek Sokolewicz wrote: >> >> > On 16-06-2012 08:36, Karl DeSaulniers wrote: >> >> Quick question phprz. Is it ok to put a token inside a define() >> >> statement? >> >> >> >> IE: >> >> define('TOKEN', $sometoken); >> >> >> >> I guess what I am really after is if this can be read by a hacker? >> >> I may be misguided as to what define()'s parameters are. >> >> Once you define something it becomes a server variable? >> >> And server variables are easy to read/get ? >> >> >> >> If it is unsafe, what is the best method of storing/using a token so >> >> that it can be called at will? >> >> Kind of like a global, just more secure. Can you secure a define >> >> statement? >> >> >> >> TIA, >> >> >> >> Best, >> >> Karl DeSaulniers >> >> Design Drumm >> >> http://designdrumm.com >> >> >> >> >> > >> > I don't think you understand what define does, or what a constant is. >> > >> > The define function literally "defines" a constant. That is, it >> > creates a constant in your script. >> > A constant isn't a server variable, it's not some kind of special >> > global whatever. >> > >> > A constant is a kind of variable, but which is constant; that is, it >> > can not change value once set. Constants in PHP look like variables, >> > only without the preceding $-mark. They are not inherently safer or >> > better than normal variables. >> > >> > Now, the question we would all like to pose is: "what are you trying >> > to do?". You say you're looking for the best method of storing/using >> > a token to be called at will. Then of course a good question would >> > be "what do you mean by 'token'?" and what do you want to do with >> > that 'token'? Why is that 'token' so important to you? >> >> Thanks for the reply. I had a feeling I was off-track. >> I am using the token for a paypal verification. Paypals PDT. >> Would like to know how to store safely in my config file to use in my >> scripts. >> >> Karl DeSaulniers >> Design Drumm >> http://designdrumm.com >> >> > > > Store it in a PHP script outside of document root if you can, this > prevents it ever being seen if the server is misconfigured to not parse > php scripts properly. > > Try to secure all the scripts on the site, as any of them could be a way > in, allowing someone to execute their own code on the server. This is > standard practice generally though. > > -- > Thanks, > Ash > http://www.ashleysheridan.co.uk > > For credentials, such as tokens, passphrases, etc, I don't tend to store these in any particular language so that I can read and use them no matter what implementation language I'm using. These are stored outside of any server path, and strict permissions/ACL controlled. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: define()
On Sat, 2012-06-16 at 07:09 -0500, Karl DeSaulniers wrote: > On Jun 16, 2012, at 6:39 AM, Maciek Sokolewicz wrote: > > > On 16-06-2012 08:36, Karl DeSaulniers wrote: > >> Quick question phprz. Is it ok to put a token inside a define() > >> statement? > >> > >> IE: > >> define('TOKEN', $sometoken); > >> > >> I guess what I am really after is if this can be read by a hacker? > >> I may be misguided as to what define()'s parameters are. > >> Once you define something it becomes a server variable? > >> And server variables are easy to read/get ? > >> > >> If it is unsafe, what is the best method of storing/using a token so > >> that it can be called at will? > >> Kind of like a global, just more secure. Can you secure a define > >> statement? > >> > >> TIA, > >> > >> Best, > >> Karl DeSaulniers > >> Design Drumm > >> http://designdrumm.com > >> > >> > > > > I don't think you understand what define does, or what a constant is. > > > > The define function literally "defines" a constant. That is, it > > creates a constant in your script. > > A constant isn't a server variable, it's not some kind of special > > global whatever. > > > > A constant is a kind of variable, but which is constant; that is, it > > can not change value once set. Constants in PHP look like variables, > > only without the preceding $-mark. They are not inherently safer or > > better than normal variables. > > > > Now, the question we would all like to pose is: "what are you trying > > to do?". You say you're looking for the best method of storing/using > > a token to be called at will. Then of course a good question would > > be "what do you mean by 'token'?" and what do you want to do with > > that 'token'? Why is that 'token' so important to you? > > Thanks for the reply. I had a feeling I was off-track. > I am using the token for a paypal verification. Paypals PDT. > Would like to know how to store safely in my config file to use in my > scripts. > > Karl DeSaulniers > Design Drumm > http://designdrumm.com > > Store it in a PHP script outside of document root if you can, this prevents it ever being seen if the server is misconfigured to not parse php scripts properly. Try to secure all the scripts on the site, as any of them could be a way in, allowing someone to execute their own code on the server. This is standard practice generally though. -- Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] Re: define constants within functions?
On Wed, 11 Aug 2004 06:54:35 -0500, Jay Blanchard <[EMAIL PROTECTED]> wrote: > [snip] > Sure, define them outside the function :) > [/snip] > > I have not tried this (we usually place constants in a section of the > code external to any function) but are you saying that if a constant is > defined within the bounds of a function it is not global? > Yes, it is global. The OP was not calling his function. > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- DB_DataObject_FormBuilder - The database at your fingertips http://pear.php.net/package/DB_DataObject_FormBuilder paperCrane --Justin Patrin-- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: define constants within functions?
[snip] Sure, define them outside the function :) [/snip] I have not tried this (we usually place constants in a section of the code external to any function) but are you saying that if a constant is defined within the bounds of a function it is not global? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php