Chris Snyder and I are writing a book entitled "Pro PHP Security" to be
published by Apress. We have written the following there: "The openSSL
functions tend to deal with resources, in-memory pointers to keys,
certificates, etc, rather than the actual values themselves; even on
export, you pass a variable to the function and the exported value is
returned by reference. Our inference is that the authors of the module
wished to limit the number of copies of these values in memory, both for
performance and security reasons." Can anyone verify whether this is
indeed the reason, or if not, explain what the reason is? Thanks very much
in advance.
Michael Southwell, Vice President for Education
New York PHP
http://nyphp.org/twoday - In-depth PHP Training Courses
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
