KingNeil

I am using Javascript to encode data with json... and using PHP to decode this data with json_decode(); My JSON looks like this: When I do json_decode, it doesn't work The reason why, is because of the "0":, "1": etc Usually, json is not encoded with {"0":{"url":"http://www.businessinsider.com but rather, just {"url":"http://www.businessinsider.com without the "{0": What is your solution for this?? Can PHP decode the "{0": Or, is the solution to strip the "{0": altogether...? If so, how would I do this? Thanks

What type of encryption? AES etc? Fact is, this data ends up being decoded into a stock chart on the client side, so if it is encrypted, I can likely find the key

It's absolutely no different than if I loaded the page in a browser I was just wondering if this is a common format that anyone here recognises

I have been using PHP CURL to obtain stock data... The URL is Essentially, it is supposed to return date, time, and price of stock tick data But it returns stuff like "HrCy/h6wsw4esLL+HrCzDh6wsw4esLMOHrCzDh6wsu4esLLeHrCy7h6wsu4esLL" So... I would like to know, what is this format, and how do I decode it? Thanks Here is the full response....

I have a PHP script that downloads web pages, and puts them in an SQL database, to later view them in another PHP script. I have heard that I should do the following, to avoid "weird" characters showing up.. such as.. ’ in replacement of an apostrophe, "" 1. encode PHP script with UTF-8 in Notepad 2. set database table to UTF-8 general ci, including fields in the table 3. use header in PHP script, header('Content-Type: text/html; charset=utf-8'); 4. encode mysql connection in PHP with UTF-8 mysql_query("SET NAMES UTF8",$connect); --- My question is... how does this work on the server side..?? Will this ensure that my script works fine, or do different websites use different encodings or what..?? Is it safe to go all-UTF8, so long as I'm using English-language sites, or what..? I just want proper apostrophes to show up.. lol

So... I've tried using simple_html_dom in order to extract URLs from web pages. And it works a lot of the time, but not all of the time. For example, it doesn't work on the website ArsTechnica.com, because it has a different use of HTML URLs. So... one thing I do know... is that Firefox perfectly gets a list of all links on a page, hence, how you can load up a web page in Firefox, and all the links are clickable. And so... I was wondering... is it possible to download the open source Firefox browser engine, or Chrome, or whatever... and pass some parameters to it somehow, and this will give me a list of all URLs on the page..?? I can then feed that into PHP by whatever means, whether it's shell_exec() or whatever. Is this possible? How do I do it?

Thank you to salathe and kicken.... You have both answered my question precisely.... The point is... PHP isn't going to purge it, and I'd need a different programming language.. OK.... Fine What if I used the Ubuntu program, SDMEM (otherwise known as SMEM), which wipes the RAM, using multiple wipes..? But yeah, this is starting to go beyond the scope of a PHP forum, so thank you very much.... I will consider this thread solved. Thanks.

Well, Christian, you didn't link to how to dump RAM, just search engine searches for how to do it, which I obviously already searched for. Plus, I'm not encrypting the whole disk, but rather, files on it.. Plus, the files themselves aren't even stored on the disk, but an external USB, as I said.... but hey, don't bother reading what I actually typed.. just link me to a Google search.. lol... Anyway, unless someone has the solution, then there's no point adding any more to this thread... I'll leave the thread here... lol

This thread is getting a bit bitter now... lol... I dunno... You look quite pretty from your profile pic, Jessica... why so hostile..? lol... Anyway... I get the basic idea here... The StackOverflow thread is full of people who are basically not sure... If you read the StackOverflow thread.. it's like... MAYBE this will overwrite the RAM, maybe this will overwrite the variable.... so... see.... Jessica... the only reason I asked... is not because I can't be "bothered" to research it... it's because the people in the thread itself are unsure themselves... Like, this is quite a niche area.... and so, no one seems to really know.... So yeah.. lol.. It's going to take a bit more research, and because I have no access to the full RAM, and I can't figure out the other methods that Christian said (hence, I have actually searched it, but I couldn't find the answer) So... anyway, this is basically a minor point... Hopefully someone pops into this thread and answers it... but if not, then I can put this aspect of my software aside while I work on other parts.... In case you're interested, it's going to be software that does encrypted emails, phone calls, text messages, web browsing URLs, and website logins... PHP is only one of the languages used... but yeah... So, nice talking to you all, and sorry if I offended anyone... lol

OK.. so.. according to this thread, they are saying... just overwrite the variables, and then, they are gone with RAM... or.. go even further, and max out the PHP memory limit, of, say, 8MB by defaut on an Apache installation... like, write 8MB of junk data, and then it fills up the whole file, and thus, it's all purged from memory.... I guess that's a decent idea, and I thought about doing that... but then, it's like... it would take quite a while to generate 8MB worth of data, which might slow things down..., but yeah... I had thought of this solutiton... of padding out the file with junk data, and then it's all purged from RAM... I guess I'll just end up doing that, to be extra safe.... However, reading the Stack Overflow thread, someone said PHP strings are immutable, which, according to Wikipedia, means, it can't be changed after being written, so, it's never going to be purged from memory..? I'm not sure if that's true... Can anyone confirm or deny..? It is almost like trying to fight back against people, by waiving your arms around in a pitch black room though... I mean... It would be really awesome if I could get a full RAM dump greater than 1MB, so I could see exactly what the PHP file looks like, but then again, it might be scrambled, so I wouldn't even be able to find it in the first place... so yeah... I guess I'll just have to fill the file with junk data and cross fingers, hope for the best lol... I mean... I'm trying to write a secure piece of software here, so I'd ideally like to be scientific and actually be able to see it in RAM... but lol.... I dunno.... Christian F said there were other methods, to get more than 1MB of RAM... so Christan, please let me know how.... although, remember, I said I'm booting this from a live disc, so, if it requires re-booting, it's useless, because RAM is wiped after a restart, obviously.

First of all, you say other methods can be used other than /dev/mem... but then you didn't mention them... Also.... of course I understand everyone's point about root access making the security moot... but you see.... I have my reasons for this.... OK.... you see... what if, I had a system, whch doesn't store any data at all..? OK... My system boots from a Ubuntu live disc, which is stored on a CD-R, so the OS can't even be overwritten, because, the next time it boots, it's booting from the very same CD-R, which can't be overwitten, because it's not CD-RW. And then... as I've mentioned in this thread.. I use this randomly-generated password, in order to encrypt files, downloaded over the Internet, via the Tor anonymity browser.... and then... the PHP file writes the file to disk, using OpenSSL to encrypt it first.... and so... there are never any clear text files ever stored on the system... Do you see what I am saying..? Like.. it wouldn't matter if someone had root access, because there isn't any data on the system in the first place...? The worst thing they could do is... deliberately shut down the computer, just to mess with me, for fun/annoyance.. Like... little pranks etc, but then, I could even write the OS so it doesn't allow shutdowns without me physically taking out the power cord on my machine... Like... as I've noted in this thread, I am working on my own security software..... And so, I always make the assumption, like Wikileaks founder Julian Assange said, that if your computer is even connected to the Internet at all, then a good hacker could get into your system.... And thus, I always assume that my internet-computers ARE hacked.... And thus, I figured, just assume that it's hacked, but so long as everything on there is encrypted, then it's irrelevant, because AES-256 is the strongest encryption that we know of (unless the NSA can secretly crack it with quantum computers lol)... and thus.... it's OK if it's all hacked, because you can just encrypt everything on it, meaning, all that a hacker could ever retrieve is encrypted AES files... And so.... this is why my original question was about getting the contents of RAM.. because, if you ever studied the documentation for TrueCrypt, it says, the only weakness is, the decryption key is stored in RAM... and thus, I was wondering what PHP does in RAM, in order to figure out if a hacker could retrieve the password for RAM..... OK... I didn't want to have to type out all the specifics of what I was doing, but now I have... and of course, I'm now open to critique about why my software isn't going to work... So yeah

Yeah... but the problem is.. Linux only allows you to extract 1MB at a time of RAM... I should have mentioned that... Like... for security reasons, the Linux kernel is compiled these days to only allow you to extract 1MB at a time with this command.. So, see.... I don't know where PHP is going to store its file... Like.... It may store it mid-way somewhere in the RAM, and thus, my command wouldn't show the info.... Do you see what I'm saying.? Sorry if I'm coming across as rude.... I love it that everyone is helping me for free... I'm not trying to be rude at all... OK... here is the information on the hexdump command, regarding the 1MB thing... http://www.rootninja.com/using-dd-to-search-for-strings-in-memory-or-devices/

Well... I know what data in RAM looks like, in general... For example, if I open a text file using gedit on Ubuntu, I can run the hexdump command, and I get something like this OK... here is the command I use to dump RAM... sudo dd if=/dev/mem | hexdump -C > output.txt And here is a sample of the output... So... interestingly enough, Firefox seems to have stored some info, from this very thread that I am posting in right now.... So actually, no, Jessica, it does not look like 1s and 0s.... the Hexdump command actually gives you the real data from RAM.... And so... I really just want to know if PHP would store things, like, the password, in a readable format, in the same way that the URL PHPFreaks is readable in the dump I posted above... Thanks

No.... there is no point in using a hashed, salted version, because the password itself has to be, in its original form, generated and stored by PHP... and it is not actually stored in a file, but within the PHP script itself.... OK... The PHP script I have is like this... <?php $password = CODE HERE TO RANDOMLY GENERATE LETTERS AND NUMBERS ETC write password to USB device.... then immediately unmount USB device while (1 == 1) { wait for USB sticks to be plugged in, encrypt files using the password generated by PHP } ?> And so.... the password never has to leave the PHP script.... it's never stored in any persistent file on the server... it's only on the USB stick, which is disconnected from the server, and used to generate encrypted files offline.... and then.... as I say... the only other place it's stored is within the PHP script on the server. Like... you mention "database" in your post, but notice, I never said that I had a database, did I..? There is no database involved.... The password is only stored within the PHP file.... OK... this is an encryption program I am writing... So again... I just want to know..... how do PHP scripts look when they are in RAM etc.. like, I just want to know what it looks like, OK..? I appreciate everyone trying to tell me other things, but I just want the ORIGINAL question answered... Thanks

Yeah, but see... I don't have the actual password stored INSIDE the PHP file.. I was just showing you an example, for the sake of this forum..... The actual script randomly-generates a password... .and then stores it... So... back to my actual question, please..... Does anyone have an answer to my original question? Thanks