Yii Framework Forum

Database Defined Variables

Yii 1.1 General Discussion

dhanakumar.m (Dhanakumar M) August 26, 2013, 2:01pm 1

Hi all,

Please let me know, usage of DATABASE defined variables are secure either in local or apache server.

Eg: DATABASE defined variables :

defined(‘DB_IP’) || define(‘DB_IP’, ‘XXX.XXX.XXX’);

defined(‘DB_NAME’) || define(‘DB_NAME’, ‘XXXXXXXXX’);

defined(‘DB_USERNAME’) || define(‘DB_USERNAME’, ‘XXXXXXX’);

defined(‘DB_PASSWORD’) || define(‘DB_PASSWORD’, ‘XXXXXXXXX’);

Local file path : protected/config/main.php

apache server file path : /etc/httpd/conf/httpd.conf

konapaz (Konapaz) August 26, 2013, 10:19pm 2

Hi

using define has more secure than other way because cannot be changed a constant after of the assign

protected/config/main.php is also secure because protected folder has htaccess that deny from all from directly access

but in the first case how secure is an application if somebody can see any variable or constant ?

If you follow Yii rules I think you have very good protection for all variables, actions and data.