Recently Browsing 0 members
- No registered users viewing this page.
Hello forum, this is my first security related post, so I'm a bit of a newbie.
I understand that when I have direct front-input from user I should sanitize the input, but how about when I use a secret key for showing a API for a third-party supplier? Should I sanitize the input->get() key?
I've tested this issue and I tried ?key=<?php echo $page->field; ?> And without adding any sanitization it comes back: /?key=<?php%20echo%20$page->field;%20?>
So can I rely on this, or should I still use $sanitizer just in case?
Thanks for the help!
I am looking to hide a googlemap api key from general source code. The first suggestions were to use an environmental variable, then because that doesn't hide the info to then encrypt it. Others have suggested using a config file. (Can I put an array in the config file?)
What do you guys do to hide API keys from general source code like this?