Richard Lynch wrote:
Tony Di Croce wrote:

First I should say that I have NO plans to store CCN's on my site, but
I do have a related question:

Right now I accept CC info from a posted form and then from a PHP
script submit that to authorize.net... Is their any way to get PHP to
clean up any remnants of any variables that might be in memory after a
script is run? IE, is their a way to get PHP to overwrite the memory
used by variables at the termination of a script?

I wasn't worried about this before but I think the paranoia regarding
CCN's on this site has gotten to me... Better safe than sorry!


I don't think there is any way to do this...

There may be an external library one could compile into PHP, and maybe one
could then write their script do scrub their data...

Even so, what about $_POST and $_GET and whatever temporary C
strings/structs that PHP uses internally to store data.

You may want to look at the Hardened PHP site, and see what they've got --
If anybody has done this, they'd be the ones.

You could also ask them what they think of the idea from a feasibility
stand-point and how useful it would be.

I suspect that you'd have to do it at a much lower level than your PHP
script, though, to be useful.

If I can manage to read your script variables, I can also manage to read
the PHP source code's C variables, so scrubbing just the $cc in PHP won't
be enough.

You'd also need to consider page faults and swap space while you're at it.

Scrubbing your RAM does no good at all if the data got swapped to disk and
the Bad Guy can read that.

There's a low-level C function to force memory to *NOT* get swapped...  I
forget its name, but run cdrecord as non-root and you'll run into right
quick-like, as I did the other night :-)

I think, perhaps, though, that this is all going beyond what would be
considered expected practice at this juncture in history.

As I said earlier, anybody skilled enough to fish in your RAM to get
credit card numbers, is probably skilled enough to get them much easier
than that.

That doesn't mean this won't change tomorrow, if PHP provides an interface
to that low-level C function for your variables, or the Hardened PHP guys
decided to implement this sort of stuff.

Perhaps running Hardened PHP would be a good step to consider for a server
handling CC numbers.  Even if it's not feasible/needed to scrub RAM today,
I'm guessing they'd be the first to implement it if it was
feasible/needed.

YMMV IANAL NAIAA


Amazon store Credit Card Number in their databases. Are we saying that someone could hack into their database server and steal the numbers? Or have Amazon gone far enough to protect their data?


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Reply via email to