Are Constants a safe place to store things like the Administrator's E-mail Address?
I am looking for a way to streamline my PHP Error-Handling, and would like to have One Variable/One Place where I can store things like the Admin's E-mail.
If I put it into a PHP Constant, then it would accessible to all of my scripts, which seems like a good thing. However, maybe that is bad from a security standpoint?!
There is nothing secure or insecure about using a constant over a variable or anything else. IT DOES NOT MATTER, concerning security. Whether you use a constant or variable, both would be accessible to any and every scripted that included them. The only difference between constants and variables, constants are read-only.
If Constants are read-only, then you could argue they are slightly more secure, because a hacker could not change their values, right?
Would there be any benefit to storing something like an Admin's E-mail in the database instead? (Almost like you would access a security key...)
Back to my original question...
How do you handle things like Admin e-mails?
Do you store them in Constants in a "config" file, or something else?
A serious drawback about that approach is that you can't email the admin when the database is down, because you don't know his/her email address ...
And yes, most projects/frameworks I've seen use some sort of config file for stuff like that.
If an attacker has managed enough to be able to access your PHP files, they can change them by simply rewriting the source code. It really is not that hard. Like it I said, there is no security advantage over a constant or variable.
Despite your responses, if you place your constants.php file OUTSIDE your web space, the hackers would have to break into your account, not just the website, to gain access to that information. Consider placing your database constants there, too.
Ah, yes, that is a good reminder!
Okay, so some follow up questions...
1.) If I have a Linux VPS with "root" access - or I switch to "Managed Dedicated Linux Server" where someone else has "root" access, then in general terms, how hard is it to set up a Directory and Access outside of my base Web Root?
2.) If I do #1, am I avoiding one issue, but perhaps opening myself up to other issues (because maybe enabling things is harder than a NON-Linux Sys Admin like me can handle?! :eek:
3.) How much extra security do you gain by not only removing things like "config" files and "database settings" files from your Web Root, but placing them on a separate Linux VPS or "Managed Dedicated Linux Server"?
No need for dedicated nor VPS as even shared accounts have files above their DocumentRoot. Remember, http://domain/users/~username/public_html (or www)? Merely stay in the ~username directory (better, create a subdirectory there at the same level as public_html) and link to your config files there. They can only be accessed by PHP or by FTP access with YOUR credentials.
That's harder than a non-sysAdmin? I don't think so as that's how a webmaster would do it.
How much extra security? Not much IF you are using a strong password, you are not allowing uploads of scripts (especially PHP scripts) and are following other strong security measures. However, those constants and other configuration settings will be UNAVAILABLE via HTTP. That's got to be worth something ... if you're as paranoid as I am.
Not so fast. If an attacker can compromise things to the point they can get into the server-side script in your PHP files, they can certainly start walking the directory tree and getting at things outside the webroot. Unless you've jailed the web process so it can't escape said webroot and then you can't use includes outside the webroot.
Logic_earth has it exactly right -- there is no effective security difference between a constant and a variable. IIRC, PHP constants aren't really all that constant anyhow, you can re--DEFINE() if need be.