
Posts

Showing posts from August 18, 2008

Andreessen: PHP succeeding where Java isn't

The simplicity of the scripting language PHP means it will be more popular than Java for building Web-based applications, Internet browser pioneer Marc Andreessen predicted Wednesday in a speech here at the Zend/PHP Conference. Java enjoyed great success when its inventor, Sun Microsystems, released it in 1995, largely because it was optimized for programmers rather than for machines, making software development significantly easier, Andreessen said. Unfortunately, Java has since acquired many of the unfavorable characteristics of its predecessors, he added. "Java is much more programmer-friendly than C or C++, or was for a few years there until they made it just as complicated. It's become arguably even harder to learn than C++," Andreessen said. And the mantle of simplicity is being passed on: "PHP is such an easier environment to develop in than Java." That opinion might not sit well with Java loyalists--and there are plenty of them among the millions of Ja...

MySQL and SQL Column Truncation Vulnerabilities

While SQL injection is one of the most discussed security problems in web applications, other problems for SQL queries, such as overlong input, are usually ignored, although they can lead to all kinds of security issues. One reason may be that security problems caused by overlong input are usually associated with buffer overflows, a class of bug many web application security experts know little about and therefore choose to ignore. There are, however, several security problems for SQL queries that are caused by overlong input and that nobody talks about.

max_allowed_packet

MySQL has a configuration option, max_allowed_packet, which defaults to one megabyte and caps the size of a single packet exchanged between the SQL client and the server. When a query or a result row does not fit into one packet, an error is raised. This means an overlong SQL query is never sent to the server and therefore never executed. This can lead to security problems when a...
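The excerpt above stops before the column truncation problem named in the post's title, so here is a worked MySQL session illustrating it. This is an added example, not code from the original post: the table, usernames and passwords are constructed for the demo, and it assumes a MySQL 5.x server whose default sql_mode is non-strict (overlong values are truncated with a warning rather than rejected) and whose collation is PAD SPACE (trailing spaces are ignored in string comparison), both of which were the defaults at the time of the post.

```sql
-- Added example (not from the original post): MySQL column truncation.
-- First, the two settings a practitioner should check on a real server.
SHOW VARIABLES LIKE 'max_allowed_packet';   -- 1048576 on a default MySQL 5.x install
SHOW VARIABLES LIKE 'sql_mode';             -- empty, or without STRICT_*_TABLES, means truncation

-- Force the non-strict behaviour for the demonstration.
SET SESSION sql_mode = '';

-- Constructed schema: no UNIQUE key, because the application checks
-- uniqueness itself with a SELECT before inserting (the vulnerable pattern).
CREATE TABLE users (
  id       INT AUTO_INCREMENT PRIMARY KEY,
  username VARCHAR(16) NOT NULL,
  password VARCHAR(64) NOT NULL
);

INSERT INTO users (username, password) VALUES ('admin', 'correct-horse');

-- Step 1: the attacker registers 'admin' + 11 spaces + 'x' (17 characters).
-- The application's "is this name taken?" check compares the full literal,
-- which still ends in 'x', so it does not match the existing 'admin' row.
SELECT COUNT(*) FROM users WHERE username = 'admin           x';   -- 0, registration proceeds

-- Step 2: the INSERT silently truncates the value to 16 characters,
-- leaving 'admin' followed by 11 spaces.
INSERT INTO users (username, password) VALUES ('admin           x', 'attacker-pw');
SHOW WARNINGS;   -- Note 1265: Data truncated for column 'username' at row 1

-- Step 3: with a PAD SPACE collation, trailing spaces are ignored in
-- comparison, so a login lookup for 'admin' now returns two rows.
SELECT id, username, password FROM users WHERE username = 'admin';
-- An application that takes the first (or the last) matching row and
-- checks the password against it may now accept 'attacker-pw' for admin.

-- Hardening (a): make the server reject overlong data instead of truncating.
SET SESSION sql_mode = 'STRICT_ALL_TABLES';
INSERT INTO users (username, password) VALUES ('admin           x', 'again');
-- ERROR 1406 (22001): Data too long for column 'username' at row 1

-- Hardening (b): enforce uniqueness in the database. Under PAD SPACE the
-- index treats 'admin' and 'admin           ' as duplicates, so this ALTER
-- fails on the rows already present, which is exactly what should happen.
ALTER TABLE users ADD UNIQUE KEY uq_username (username);
```

Note that the uniqueness check in step 1 and the login lookup in step 3 use the same column but behave differently only because the attacker's input is longer than the column: the comparison in step 1 sees the untruncated literal, while the stored row has already been cut. Enforcing STRICT_ALL_TABLES (or at least STRICT_TRANS_TABLES) server-side and checking the input length in the application before it reaches the query closes both sides of the gap.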