Do not expose constants to client
Check ID
CONST_0001
Category
Security
Summary
Constants can be configured to have their value exposed to clients. When configured in this way, any user with a session can read their value. Usually constants hold important (and sometimes secret) values used by your app, and therefore they should not be exposed to the client. Be careful when enabling this option on a constant.
Options
There are no options for this check.
Pass
The setting Exposed to client for a constant is set to no.
Fail
The setting Exposed to client for a constant is set to yes.
Last updated