Re: Saving of buffers, from a security standpoint

You can't be assured that the data is stored only in RAM. Just about all systems use some sort of swap space, so what is stored in memory could end up on disk in a swap file. Of course, if someone is able to access the swap files on your computer, you're probably dead already.

PHP also stores session information in temp files, so I wouldn't store credit card info in a session.

From what I have read, you shouldn't retain a credit number any longer than absolutely necessary. In addition, the full credit card info should not be stored with your regular database; it should be stored only on the machine that has to actually charge the credit card, which shouldn't be your webserver.

On May 11, 2005, at 1:02 PM, Colin Ross wrote:

I am working on a bit of code for credit-card processing, so please keep in
mind, security of the data is essential.
On part of it I wish to use a buffer, but I wonder if that data is saved
anywhere on the running system (as a temp file, etc.), or is it just held in
the system's memory?
My concern is that if an error occurs in the processing, I don't want that
buffer to remain (with possible valid credit card data) on the system...


Colin

P.S. As with other 'touchy' subjects like credit card processing, all valid
input is appreciated.


--
Brent Baisley
Systems Architect
Landover Associates, Inc.
Search & Advisory Services for Advanced Technology Environments
p: 212.759.6400/800.759.0577

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
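
The point in the reply about PHP session data landing in temp files, shown as an added example that is not part of the original thread. It assumes a command-line run with PHP's default `files` session handler; the card number is a constructed test value, and the `card_number` / `card_last4` key names are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed test number, not real card data.
$pan = '4111111111111111';

// Private directory so the session file is easy to inspect and clean up.
$dir = sys_get_temp_dir() . '/sess_demo_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
ini_set('session.use_cookies', '0');   // CLI run: no cookie needed
session_cache_limiter('');             // CLI run: no cache headers needed
session_save_path($dir);

// True if the on-disk session file contains $needle in readable form.
function session_file_contains(string $dir, string $needle): bool
{
    $file = $dir . '/sess_' . session_id();
    return strpos((string) file_get_contents($file), $needle) !== false;
}

// 1. What the reply warns about: the full number placed in the session.
session_start();
$_SESSION['card_number'] = $pan;
session_write_close();                 // flushes the session to its file
$fullNumberOnDisk = session_file_contains($dir, $pan);

// 2. Keep only what is needed for display; the full number stays in a
//    local variable for the duration of the request and is never persisted.
session_start();
unset($_SESSION['card_number']);
$_SESSION['card_last4'] = substr($pan, -4);
session_write_close();
$stillOnDisk = session_file_contains($dir, $pan);

echo 'Full number readable in session file (case 1): ',
     var_export($fullNumberOnDisk, true), PHP_EOL;
echo 'Full number readable in session file (case 2): ',
     var_export($stillOnDisk, true), PHP_EOL;

// Clean up the demo session file and directory.
unlink($dir . '/sess_' . session_id());
rmdir($dir);
```

Keeping the number out of the session only addresses the temp-file concern; it does not change the swap-space caveat raised at the top of the reply.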

