Is there a way to dynamically create constant variables on the fly?
The idea is that upon logging into the system, a user would be asked to upload a small text file that would be fread, and assigned to a var that would be accessible throughout the system.
If this is possible, just to be clear, would this variable then only be accessible to that user and only while the session is alive?
Security being the main concern here, would it be more practical to store the var in a session variable?
The plan:
Data in the db will be encrypted via mcrypt, and the key will be stored on USB thumbdrives. The user will insert the thumbdrive when going to access the system. Upon logging in, the app will prompt the user to upload the key. They will navigate to the thumbdrive and key. Via fopen and fread, the key will be assigned to a global var which will then allow access to encrypted data, and will be used to encrypt new info being entered to the db.
When the user logs out, or session times out, the global var will become empty.
Thanks!
NB: the var would need to be persistent and accessible through many pages and cookies are out.
I’ve decided that the following solution will work:
When a user logs onto the system they will be prompted to upload their key. The upload script will assign a unique and random filename and place the file into a temporary directory.
The path to the file will be set into a session variable. When needed, the path will be called from the session var, and
file_get_contents()will be used to retrieve the key.When the session is ended or times out, the session variable will be deleted and the file itself will be removed via
unlink().Thanks!