Does the act of defining constants create a global level security vulnerability?
I understand that in sophisticated programming, encapsulation and obfuscation are important when creating secure applications. So wouldn't this be a bad practice?
Chris Shaw26,640 Points
Constants are a lot like variables, the key difference is you can only define constants once meaning they are somewhat more secure than a variable since you can alter it's data at any point in time.
I recommend you have a look at the
wp-config.php file in WordPress as it uses constants numerous times throughout it's code base which hasn't contributed to any vulnerabilities once in it's lifetime as a blogging system.
Hope that helps.