cute robot

TimNash.co.uk

Dev/Sec/Ops with a splattering of humour

Blog Posts

Let me decide where I put my secrets

Many plugins call on 3rd party services when they do those services often provide some form of credentials and 9 times out of 10 those credentials get stored in wp-options table. Except I don’t want my security credentials in my database. Where you store you secrets can be deeply personal thing.

A common way to call credentials in plugin is something along the lines of

$api_key = get_option( 'mysecretkey' );
define( 'SECRETKEY', $api_key );

if you are going to do that, then try this instead

if ( ! defined( 'SECRETKEY' ) ) {
$api_key = get_option( 'mysecretkey' );
define( 'SECRETKEY', $api_key );
}

By checking if it’s already defined before pulling it from DB it allows me to add the API key in the wp-config.php and avoid putting it in my DB.

If you develop plugins that make use of third party services and storing API keys, then give your users the flexibility to store the keys where they want.


Hello, I’m back!

Welcome to TimNash.co.uk come sit down and find out what’s new and different about this incarnation of TimNash.co.uk Continue Reading


PayPal Identity services lift off!

It’s always the way. The one event you don’t go to and all the cool toys are announced. This year is the first time I didn’t make it to Innovate PayPal developer conference and they announced a huge pile of new stuff including an interesting ecommerce platform hybrid thingiemagik. However, what really interested me were […]


Working out Multi Currency prices with burgers

This is an expanded version of a post I published in the SEO Dojo since then, I have literally had one email asking about it, so I decided to expand the forum post and publish it here. I wish to pose a simple question: How would you determine the price of a product or service […]


Password Protection round x

my friend Angie pointed me to this latest twitter status update and I thought it was worth sharing. It appears that for a number of years, a person has been creating torrent sites that require a login and password as well as creating forums set up for torrent site usage and then selling these purportedly […]