[PHP] How PHP handles memory on exit
Hey All, I have a question pertaining to how PHP handles the residual values in memory once a thread exits. I am working on some credit card processing logic and would like to ensure that the values I am working with are not being left to their own fortune after the application exits. Out of habbit, I have just been overwriting all the sensitive variables with x's (strings only). The concerns I have are: - Am I wasting my time? Does PHP already do this? - If a sensitive var had somehow been cast as an int, and then I overwrite it as a string, does that just change the pointer to another * copy* of the var typecast, or does it actually overwrite the original? - Does PHP store the argv/$_SERVER/$_REQUEST vars anywhere other than what is reachable in userland? If so is there a way to ensure they do not persist? Any help you can provide would be hugely useful! Regards, Brad
Re: [PHP] Detecting Multi-Scope Variables
Hmm, would this then be a question for internals?
On Wed, Feb 2, 2011 at 9:59 AM, Ashley Sheridan
wrote:
> "Brad Lorge" wrote:
>
> >Perhaps my question was not as succinct as it could have been.
> >
> >Basically, can you think of a means through which to detect whether or
> >not a
> >variable is currently present in multiple scopes.
> >
> >IE:
> >
> > >
> >$bob = "fish";
> >
> >echo is_multiscoped($bob); //False
> >
> >function something()
> >{
> > echo is_multiscoped($fish); //False
> > gloabal $bob;
> > echo is_multiscoped($bob);//True
> >}
> >
> >function getJam($&ref)
> >{
> >echo is_multiscoped($ref);//True
> >}
> >
> >$jim = "nothing special";
> >
> >echo is_multiscoped($jim); //False
> >
> >getJam($jim);
> >
> >
> >?>
> >
> >On Tue, Feb 1, 2011 at 7:12 PM, Tommy Pham wrote:
> >
> >> > -Original Message-
> >> > From: Brad Lorge [mailto:b...@lorge.com.au]
> >> > Sent: Monday, January 31, 2011 9:53 PM
> >> > To: php-general@lists.php.net
> >> > Subject: [PHP] Detecting Multi-Scope Variables
> >> >
> >> > Hello All,
> >> >
> >> > I am new to the list so please be gentle :)
> >> >
> >> > I am working on a PHP framework and have run up against a
> >functionality
> >> > hurdle which I keep falling at. Basically, I have three mechanisms
> >which
> >> all
> >> > function in a similar way and require this functionality:
> >templating,
> >> event
> >> > handling and "action handling". Within the core code of the
> >application,
> >> as
> >> > is common with many applications with plugin architecture, I pass a
> >> number
> >> > of parameters to functions which have hooked into a particular
> >"event".
> >> Part
> >> > of the mechanism is that parameters can be passed by reference to
> >allow
> >> > for the listeners to make modifications.
> >> >
> >> > $username="bob";$account_type="ISV";$password="fishbum";
> >> >
> >> > register_action_listener('process_user', function($username,
> >> > $account_type, $password){$username.="." . $account_type;} // Or
> >> > whatever
> >> >
> >> > call_action('process_user', &$username, &$account_type,
> >&$password);
> >> > //Result: $username == "bob.ISV"
> >>
> >> I think you meant to use [1].
> >>
> >> >
> >> > Now, what I am trying to do is establish a method to prevent the
> >"hook"
> >> > functions from making changes by reference without reference
> >explicitly
> >> > being passed to them by the calling code.
> >> >
> >>
> >> Perhaps you should review [2] and see if your logic works with your
> >> 'call_action'.
> >>
> >> > I have thought of a method which simply makes a copy of all the
> >> parameters
> >> > for each listener within call_action(), however what I would really
> >love
> >> is a
> >> > function which returns whether or not the supplied variable is
> >available
> >> in
> >> > multiple scopes or is in the original scope which it was
> >initialized in.
> >> > Does anyone know of a way to achieve this?
> >> >
> >> > Regards,
> >> > Brad
> >>
> >> Happy coding,
> >> Tommy
> >>
> >> [1] http://php.net/call_user_func
> >> [2] http://php.net/references
> >>
> >>
> >>
>
> In more low level languages like C and C++ you could look at the actual
> value of the pointer, I'm not sure that that is available in php.
>
>
> Thanks
> Ash
> http://www.ashleysheridan.co.uk
> --
> Sent from my Android phone with K-9 Mail. Please excuse my brevity.
>
Re: [PHP] Detecting Multi-Scope Variables
Perhaps my question was not as succinct as it could have been.
Basically, can you think of a means through which to detect whether or not a
variable is currently present in multiple scopes.
IE:
On Tue, Feb 1, 2011 at 7:12 PM, Tommy Pham wrote:
> > -Original Message-
> > From: Brad Lorge [mailto:b...@lorge.com.au]
> > Sent: Monday, January 31, 2011 9:53 PM
> > To: php-general@lists.php.net
> > Subject: [PHP] Detecting Multi-Scope Variables
> >
> > Hello All,
> >
> > I am new to the list so please be gentle :)
> >
> > I am working on a PHP framework and have run up against a functionality
> > hurdle which I keep falling at. Basically, I have three mechanisms which
> all
> > function in a similar way and require this functionality: templating,
> event
> > handling and "action handling". Within the core code of the application,
> as
> > is common with many applications with plugin architecture, I pass a
> number
> > of parameters to functions which have hooked into a particular "event".
> Part
> > of the mechanism is that parameters can be passed by reference to allow
> > for the listeners to make modifications.
> >
> > $username="bob";$account_type="ISV";$password="fishbum";
> >
> > register_action_listener('process_user', function($username,
> > $account_type, $password){$username.="." . $account_type;} // Or
> > whatever
> >
> > call_action('process_user', &$username, &$account_type, &$password);
> > //Result: $username == "bob.ISV"
>
> I think you meant to use [1].
>
> >
> > Now, what I am trying to do is establish a method to prevent the "hook"
> > functions from making changes by reference without reference explicitly
> > being passed to them by the calling code.
> >
>
> Perhaps you should review [2] and see if your logic works with your
> 'call_action'.
>
> > I have thought of a method which simply makes a copy of all the
> parameters
> > for each listener within call_action(), however what I would really love
> is a
> > function which returns whether or not the supplied variable is available
> in
> > multiple scopes or is in the original scope which it was initialized in.
> > Does anyone know of a way to achieve this?
> >
> > Regards,
> > Brad
>
> Happy coding,
> Tommy
>
> [1] http://php.net/call_user_func
> [2] http://php.net/references
>
>
>
[PHP] Detecting Multi-Scope Variables
Hello All,
I am new to the list so please be gentle :)
I am working on a PHP framework and have run up against a functionality
hurdle which I keep falling at. Basically, I have three mechanisms which all
function in a similar way and require this functionality: templating, event
handling and "action handling". Within the core code of the application, as
is common with many applications with plugin architecture, I pass a number
of parameters to functions which have hooked into a particular "event". Part
of the mechanism is that parameters can be passed by reference to allow for
the listeners to make modifications.
$username="bob";$account_type="ISV";$password="fishbum";
register_action_listener('process_user', function($username, $account_type,
$password){$username.="." . $account_type;} // Or whatever
call_action('process_user', &$username, &$account_type, &$password);
//Result: $username == "bob.ISV"
Now, what I am trying to do is establish a method to prevent the "hook"
functions from making changes by reference without reference explicitly
being passed to them by the calling code.
I have thought of a method which simply makes a copy of all the parameters
for each listener within call_action(), however what I would really love is
a function which returns whether or not the supplied variable is available
in multiple scopes or is in the original scope which it was initialized in.
Does anyone know of a way to achieve this?
Regards,
Brad
