On 16-06-2012 08:36, Karl DeSaulniers wrote:
Quick question phprz. Is it ok to put a token inside a define() statement?
IE:
define('TOKEN', $sometoken);
I guess what I am really after is if this can be read by a hacker?
I may be misguided as to what define()'s parameters are.
Once you define something it becomes a server variable?
And server variables are easy to read/get ?
If it is unsafe, what is the best method of storing/using a token so
that it can be called at will?
Kind of like a global, just more secure. Can you secure a define statement?
TIA,
Best,
Karl DeSaulniers
Design Drumm
http://designdrumm.com
I don't think you understand what define does, or what a constant is.
The define function literally "defines" a constant. That is, it creates
a constant in your script.
A constant isn't a server variable, it's not some kind of special global
whatever.
A constant is a kind of variable, but which is constant; that is, it can
not change value once set. Constants in PHP look like variables, only
without the preceding $-mark. They are not inherently safer or better
than normal variables.
Now, the question we would all like to pose is: "what are you trying to
do?". You say you're looking for the best method of storing/using a
token to be called at will. Then of course a good question would be
"what do you mean by 'token'?" and what do you want to do with that
'token'? Why is that 'token' so important to you?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
