I'm writing a web service in PHP using the slim framework. Any request made to any endpoint will only be allowed if (a) the request is coming from a list of IPs (b) the HTTP request header contains a secret string, which is static (I know this isn't the best way to secure a web service, but this service is mostly for internal use and we don't need anything more complicated).
Should I store the list of IPs and the shared secret in a JSON file or should I initialize the array of IPs and the shared secret string in the PHP script itself? Storing it in a JSON file would mean that the data would have to be read from disk on every HTTP request. I'm assuming this is bad as far as performance is concerned?
