in reply to Authorize.Net Credit Card

When this number is stored in the variable, how long is it stored in the system memory? Is there any way to prevent this from happening?

ummm ... errr ... no.

Seriously, if it's in a variable, it's in system memory. And it will be in memory, theoretically, until the end of its scope (possibly until the end of the process or, depending on how you've configured your system and what happens to the process, possibly forever in a core dump).

This is why you have to take a "layered" approach to security.

  1. batten down the web server, don't run it as root and whatever user you run it as, ensure others in that group are trustworthy
  2. batten down the OS, make sure all security patches are applied in a timely fashion.
  3. batten down your network, make sure your firewalls are configured correctly
  4. batten down your people - if you can't trust them ...

then stop worrying ... or worry less.

-derby

update: I forgot:

0. batten down your app. Ensure you use the correct scope and handle faulty input (including signals) correctly.

another update: Just saw a review of this on slashdot ... may be worth the buy.
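
The points above about scope, signals and core dumps, as an added sketch that is not part of the original post: it keeps the card number in a mutable buffer that is overwritten when the call ends, turns termination signals into exceptions so the cleanup still runs, and disables core files. Python on a Unix-like system is an assumption, and `harden_process`, `submit_payment` and `fake_gateway` are hypothetical names; copies made elsewhere in the process are not covered.

```python
import resource
import signal


class Terminated(Exception):
    """Raised from the signal handler so cleanup code still runs."""


def _on_signal(signum, frame):
    raise Terminated(signum)


def harden_process():
    # No core files: a crash must not write process memory to disk.
    resource.setrlimit(resource.RLIMIT_CORE, (0, 0))
    # Turn SIGTERM/SIGINT into exceptions so `finally` blocks execute.
    for sig in (signal.SIGTERM, signal.SIGINT):
        signal.signal(sig, _on_signal)
    return resource.getrlimit(resource.RLIMIT_CORE)


def wipe(buf):
    # Overwrite in place; only possible because bytearray is mutable.
    for i in range(len(buf)):
        buf[i] = 0


def submit_payment(card, gateway):
    """Pass the card buffer to `gateway`, then wipe it, even on error or signal."""
    try:
        return gateway(card)
    finally:
        wipe(card)


def fake_gateway(card):
    # Hypothetical stand-in for the payment API call; returns only the last four digits.
    return "approved:" + card[-4:].decode()


if __name__ == "__main__":
    print(harden_process())
    pan = bytearray(b"4111111111111111")  # constructed test number
    print(submit_payment(pan, fake_gateway), pan)
```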