Menu
I was wondering if it's better to store connection variables as constants (because they can't be changed) or as private properties (because they can't be viewed). My apologies to all those who reel in horror at my lack of security nous...
815
My thoughts are that it really doesn't matter (from a security point of view). If someone has your code, then you are equally screwed either way. If someone doesn't have your code, then it doesn't matter because they can't execute it without the code for it to be an issue (if you have remote code execution vulnerabilities, you have larger issues than your connection strings).
From a design point of view, I'd probably use a private constant.
59
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
