Please Cc: me with responses.  I dunno how soon I'll be able to read 
php-general again...

Short version:
If a program doesn't take data from stdin, and you want to get data 
to it more securely than writing it to a file, is there some 
combination of exec/popen and/or Un*x redirection <|> that will get 
the data to go from PHP to the program, without hitting disk, and 
without being in "ps -auxwwww" output?

I *KNOW* I can do it with popen if it would just take data on stdin 
like any normal Un*x program. :-( :-( :-(

I tried in the shell to use < and > and whatnot, but it didn't seem 
to like that...

Does popen add any inherent ability to shove data to it via <|>, even 
if it's expecting a file?... How?

Did I just not get the right magical combination of <|>?  I grok | 
okay, and even >, but as soon as you start using <, I get lost for 
some reason...

Long version:
Suppose, hypothetically speaking, the following:
   Vendor provides a binary for talking to their credit-card processing center.
   Vendor provides PHP API script for accessing above binary.
   Said script boils down to this algorithm:
     Dump credit card info into $TEMP file.
     exec("binary ALLSTDIN $TEMP");

Now, granted, this is on an SSL server, and there shouldn't be any 
random users with access, and the files in question are being done 
via suExec, so it's not like they are world-readable...

But *STILL*, I'm concerned about files sitting around on the hard 
drive with cc#s in them.  What if somebody *DOES* break in and gets 
the suExec users's password somehow?  What if they find and start 
reading those files?  What if they don't get as far as that user's 
password, but they start resurrecting recently unallocated blocks 
from the hard drive?

I just don't like the idea of storing credit card numbers on my 
web-site's hard drive, no matter how briefly.  (And when their server 
is down or slow, it ain't gonna be all that brief...)

Now I know that you can convert to popen() if the binary in question 
will take data from stdin.

But the binary in question does not, at least from my lame attempts 
in a command shell.  OTOH maybe that ALLSTDIN arg needs to change to 
something else to use stdin instead of a file...  Though I would 
expect ALLSTDIN would be the keyword for data to come on stdin, not 
from a file, so I can't even *begin* to guess what keyword means 

I've already emailed the vendor, but I'd just as soon patch their PHP 
API software as wait for their response, if there's some combination 
that works and doesn't just move the exposure to "ps auxwww" instead 
of the hard drive.

They've got 200-page manuals about their API and their product and 
everything else that's not rocket-science, but nothing I can find 
about the actual binary and --help and -h don't put out usage prompts 
or anything standard like that :-(

I even tried to run "strings" on it, in the hope of finding some 
nugget of info, but it wasn't particularly useful to somebody as dumb 
as me.  I have had luck in the past with "strings" printing out the 
help itself (along with a lot of other crap) so I guess I'm not 
totally stupid to figure that one out, but no go this time.
WARNING [EMAIL PROTECTED] email address is an endangered species

PHP General Mailing List (
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to