Tony Di Croce wrote:
First I should say that I have NO plans to store CCN's on my site, but I do have a related question:
Right now I accept CC info from a posted form and then from a PHP script submit that to authorize.net... Is their any way to get PHP to clean up any remnants of any variables that might be in memory after a script is run? IE, is their a way to get PHP to overwrite the memory used by variables at the termination of a script?
I wasn't worried about this before but I think the paranoia regarding CCN's on this site has gotten to me... Better safe than sorry!
I don't think there is any way to do this...
There may be an external library one could compile into PHP, and maybe one could then write their script do scrub their data...
Even so, what about $_POST and $_GET and whatever temporary C strings/structs that PHP uses internally to store data.
You may want to look at the Hardened PHP site, and see what they've got -- If anybody has done this, they'd be the ones.
You could also ask them what they think of the idea from a feasibility stand-point and how useful it would be.
I suspect that you'd have to do it at a much lower level than your PHP script, though, to be useful.
If I can manage to read your script variables, I can also manage to read the PHP source code's C variables, so scrubbing just the $cc in PHP won't be enough.
You'd also need to consider page faults and swap space while you're at it.
Scrubbing your RAM does no good at all if the data got swapped to disk and the Bad Guy can read that.
There's a low-level C function to force memory to *NOT* get swapped... I forget its name, but run cdrecord as non-root and you'll run into right quick-like, as I did the other night :-)
I think, perhaps, though, that this is all going beyond what would be considered expected practice at this juncture in history.
As I said earlier, anybody skilled enough to fish in your RAM to get credit card numbers, is probably skilled enough to get them much easier than that.
That doesn't mean this won't change tomorrow, if PHP provides an interface to that low-level C function for your variables, or the Hardened PHP guys decided to implement this sort of stuff.
Perhaps running Hardened PHP would be a good step to consider for a server handling CC numbers. Even if it's not feasible/needed to scrub RAM today, I'm guessing they'd be the first to implement it if it was feasible/needed.
YMMV IANAL NAIAA
Amazon store Credit Card Number in their databases. Are we saying that someone could hack into their database server and steal the numbers? Or have Amazon gone far enough to protect their data?
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
