I have a question pertaining to how PHP handles the residual values in
memory once a thread exits. I am working on some credit card processing
logic and would like to ensure that the values I am working with are not
being left to their own fortune after the application exits. Out of habbit,
I have just been overwriting all the sensitive variables with x's (strings
The concerns I have are:
- Am I wasting my time? Does PHP already do this?
- If a sensitive var had somehow been cast as an int, and then I
overwrite it as a string, does that just change the pointer to another *
copy* of the var typecast, or does it actually overwrite the original?
- Does PHP store the argv/$_SERVER/$_REQUEST vars anywhere other than
what is reachable in userland? If so is there a way to ensure they do not
Any help you can provide would be hugely useful!