在PHP中从物理内存中清除变量的值 [英] Wiping out value of a variable from physical memory in PHP
问题描述
从安全标准的某些要求(在处理某些重要数据时,无法将数据从内存转储到磁盘)出现问题。根据内存加密?主题,没有好的方法来加密内存中的数据。 / p>
所以,当在PHP中取消设置String变量时,您不能确定内存中的数据被覆盖。关于将新值设置为变量的相同故事。
因此,如果可以从内存中消除变量值而不更改
首先,我不知道擦掉字符串将满足您描述的安全要求,因为在理论上还可以在字符串擦除之前转储内存。但是这样做是不可能的,因为你无法在记忆中处理数据。
无论如何,如果你想确保字符串被擦除,我认为在PHP中唯一的方法是循环遍历字符串并修改每个字符:记住,内存的内容不会消失,直到被覆盖,即使你没有引用变量,PHP GC已经运行。
我相信这会工作:
for($ i = 0; $ i < strlen($ str); $ i ++)
$ str [$ i] ='x';
The general question is: Is it possible to remove value of the String variable from physical memory after that variable being unset in PHP?
The problem arised from certain requirements of security standards (there should be no way to dump data from memory to disk while processing certain vital data). According to "Is memory encrypted?" topic there is no good way to encrypt data in-memory.
So, when unsetting String variable in PHP you cannot say for sure that data in memory was overwritten. Same story about setting new value to variable.
Thus I'm interested if it is possible to wipe out variable value from memory without changing core code of unset method?
First of all, I'm not sure that wiping out the string will meet the security requirement you described, as one could still theoretically dump memory before the string is wiped anyway. But that's impossible to meet anyway, as you can't process data without having it in memory.
Anyway, if you want to ensure the string is wiped, I think the only way to do so in PHP is to loop through the string and modify each character: remember, the contents of memory do not go away until overwritten, even if you have no references to the variable and PHP GC has run.
I believe this will work:
for( $i=0; $i < strlen($str); $i++ )
$str[$i] = 'x';
这篇关于在PHP中从物理内存中清除变量的值的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
