PHP $GLOBALS | Security enquiry

Question

I have a settings.php page in my application which uses $GLOBALS to store configurations used in the web app.

As an example, he is a sample setting variable I use:

$GLOBALS["new_login_page"] = 1;
$GLOBALS["secret_cross_check_token"] = 3243242342423;

I then call those globals on other pages (hence why I use $GLOBALS), to perform tasks, such as give a user a new feature if they have that global toggled to 1.

The Question:

This works really well for me and i do not wish to use a database to store them, however recently I came to think, are $GLOBALS secure? Can a user read or manipulate them? If yes, what is the solution???

I understand it is server side but i just had doubts as to whether the user can somehow access the $GLOBALS

Answer 1

A globals variables can only be accessed server side, you can use them safely.

If an user can access your globals variables it's because he has gained access to execute code in your server, so, in this case, he can do a lot of more things than read your globals variables.

If an user can execute code in your server, he will be able to copy all your files and all your database easily, so the access to global variables would not be the major problem.