Greg Donald wrote:
> On Tue, 8 Feb 2005 08:37:32 -0800, Tony Di Croce <dicroce@xxxxxxxxx>
> wrote:
>> So, it doesn't seem like anyone is aware of a way to make PHP paranoid
>> about such things... Perhaps their is a lower level way to get linux
>> to scrub an address space when a process exits? I will google....
>
> It's pretty simple to scrub the data away.
>
> $cc = '1234123412341234';
>
> // do processing
>
> $cc = md5( time() );
There's no guarantee that will re-use the same bytes for the new string in
the low-level C malloc/alloc/???alloc calls, I don't think...
*MAYBE* using the {} operator on a char-by-char basis would be more likely
to wipe the bytes...
I suspect that if somebody is skilled enough to read your un-malloced RAM
for CC#s, they are probably skilled enough to peek into your current
in-use RAM for CC#s... I'm no expert, though, so maybe not.
--
Like Music?
http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
