8
Imagining that I have a small site, and this site stores and returns information from the database. Currently I see many people storing the data of login for Mysql or paths in PHP variables or define constants.
<?php
...
$db_host = "localhost";
$db_x = "xxx";
// ou
DEFINE("DB_HOST", "localhost");
...
?>
On the PHP page I read some of the users' contribution notes, and some said that the best way to store settings is in configuration files .ini
, in other cases, such as frameworks, store paths and other data in files .json
.
If I save settings in one of these files, what guarantee I have that it will be safer, and how I can read these settings securely ?
It is recommended to use constants for configuring a PHP project?
– rray
Thank you, but I’d really like to know what the advantages would be if I were to use each of them, and how best to store and read them.
– Laura
I do not see a security issue but more a matter of practicality for any changes. Yes in my case I use more for practicality. I believe that this kind of need arose for compiled programs, so there is no need to compile the td program once it changes the database configuration (password, user, server address, etc).
– Skywalker
@Skywalker thanks for the use example, I found this here
– Laura
Just one detail: there is no unbreakable security, so you will never be guaranteed anything. But it can rely on a risk analysis that will have information about the degree of security in each form of storing settings. The most secure way is still data encryption.
– Ivan Ferrer