Posted by Richard Lynch on 02/08/05 19:23

Greg Donald wrote:
> On Tue, 8 Feb 2005 08:37:32 -0800, Tony Di Croce <dicroce@gmail.com>
> wrote:
>> So, it doesn't seem like anyone is aware of a way to make PHP paranoid
>> about such things... Perhaps their is a lower level way to get linux
>> to scrub an address space when a process exits? I will google....
>
> It's pretty simple to scrub the data away.
>
> $cc = '1234123412341234';
>
> // do processing
>
> $cc = md5( time() );

There's no guarantee that will re-use the same bytes for the new string in
the low-level C malloc/alloc/???alloc calls, I don't think...

*MAYBE* using the {} operator on a char-by-char basis would be more likely
to wipe the bytes...

I suspect that if somebody is skilled enough to read your un-malloced RAM
for CC#s, they are probably skilled enough to peek into your current
in-use RAM for CC#s... I'm no expert, though, so maybe not.

--
Like Music?
http://l-i-e.com/artists.htm

• Next in thread: Re: [PHP] Storing CCN's Again...
• Prev in thread: Re: [PHP] Storing CCN's Again...
• Next in forum: Re: [PHP] excel -> ( csv -> ) mysql ?!?
• Prev in forum: Re: [PHP] Storing CCN's Again...
• Thread view: [PHP] Storing CCN's Again...

[Reply to this message]