Hey All,

I have a question pertaining to how PHP handles the residual values in
memory once a thread exits. I am working on some credit card processing
logic and would like to ensure that the values I am working with are not
being left to their own fortune after the application exits. Out of habbit,
I have just been overwriting all the sensitive variables with x's (strings

The concerns I have are:

   - Am I wasting my time? Does PHP already do this?
   - If a sensitive var had somehow been cast as an int, and then I
   overwrite it as a string, does that just change the pointer to another *
   copy* of the var typecast, or does it actually overwrite the original?
   - Does PHP store the argv/$_SERVER/$_REQUEST vars anywhere other than
   what is reachable in userland? If so is there a way to ensure they do not

Any help you can provide would be hugely useful!


Reply via email to