PHP security: store connection information in constants or private properties?

Question

PHP security: store connection information in constants or private properties?

I was wondering if it is better to store connection variables as constants (because they cannot be changed) or as private properties (because they cannot be viewed). I apologize to everyone who dismisses my insecurity in horror ...

+6

private security php constants

sunwukung Oct 21 '09 at 10:59

source share

2 answers

I think it does not matter; Your code should be protected both from entering the code and from viewing. If someone has access to somehow enter code into your system, accessing the connection strings seems less difficult.

0

Gergely rosz Oct 21 '09 at 11:15

source share

Matthew scharley · Accepted Answer · 2009-10-21T11:12:49+0000

My thoughts are that it really doesn't matter (from a security point of view). If someone has their own code, then you are equally screwed anyway. If someone does not have your code, then it does not matter because he cannot execute it without code for him to be a problem (if you have remote code execution vulnerabilities, you have more problems than connection strings).

From a design point of view, I would probably use a private constant.

PHP security: store connection information in constants or private properties?

More articles: