Hey All, I have a question pertaining to how PHP handles the residual values in memory once a thread exits. I am working on some credit card processing logic and would like to ensure that the values I am working with are not being left to their own fortune after the application exits. Out of habbit, I have just been overwriting all the sensitive variables with x's (strings only).
The concerns I have are: - Am I wasting my time? Does PHP already do this? - If a sensitive var had somehow been cast as an int, and then I overwrite it as a string, does that just change the pointer to another * copy* of the var typecast, or does it actually overwrite the original? - Does PHP store the argv/$_SERVER/$_REQUEST vars anywhere other than what is reachable in userland? If so is there a way to ensure they do not persist? Any help you can provide would be hugely useful! Regards, Brad
