Sun Gets Into Database Market: Buys MySQL


Sun Microsystems announced yesterday that it had entered into an agreement to acquire open source database company MySQL AB for $1 billion in cash and assumed stock options. MySQL is used by many of the web’s largest sites, including Google, Facebook, Digg and Wikipedia, and makes up the "M" in LAMP (Linux, Apache, MySQL, PHP), one of the most popular open source web development stacks utilised by web sites today.

"Today’s acquisition reaffirms Sun’s position at the center of the global Web economy. Supporting our overall growth plan, acquiring MySQL amplifies our investments in the technologies demanded by those driving extreme growth and efficiency, from Internet media titans to the world’s largest traditional enterprises," said Jonathan Schwartz, CEO and president, Sun Microsystems in a press release.

On his blog, Schwartz revealed that Sun would soon be announcing a new set of MySQL support services. "Though many of the more traditional companies use MySQL," he wrote, "many have been waiting for a Fortune 500 vendor willing to step up, to provide mission critical global support." Previously, Sun sold support for a competing open source database, PostgreSQL.

Schwartz also talked about having "assembled all the core elements of a completely open source operating system for the Internet." Sun’s open source development stack now includes Java, OpenSolaris, MySQL and GlassFish. It would appear that Sun is hedging its future on open source (though the acronym is harder to pronounce than LAMP).

Though many industry watchers see the Sun acquisition as a smart move and a great fit, some point out potential difficulties moving forward. Raven Zachary, an analyst at The 451 Group, thinks the purchase of MySQL "raises a whole bunch of issues concerning Sun’s close ties to Oracle, as well as their investment in PostgreSQL." And Larry Dignan wonders, "if Sun makes MySQL more enterprise acceptable does that diminish its mojo with startups?"


Protecting against SQL injection attacks


SQL injection is a serious concern for web developers, as an attacker can use this simple hacking technique to gain access to sensitive data and/or potentially cripple your database. If you haven’t secured your applications, get familiar with the following method and grind it into your coding routine!

I’ve read a lot of guides, and they seem to tend to overcomplicate this, so I’ll be as straightforward as possible. In PHP the easiest way is to pass your data through the mysql_real_escape_string function. By escaping special characters on fields where the user can manipulate the database, you will avoid being vulnerable. Take a look below at the example of what to do and what not to do.

Another safe way of performing MySQL queries in PHP is to use the included mysqli library (you can read up on all the functions at http://php.net/mysqli):

The most important part of protecting yourself is stopping users from passing unaltered special characters that can manipulate the database query, like single quotes.
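The "what not to do" and "what to do" cases described above, as an added example that is not the original post's code. It uses mysqli throughout because the old mysql_* functions were removed in PHP 7.0; the connection details, the users table and the sample input are assumptions made for illustration.

```php
<?php
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors
// Assumed connection details (placeholders) for a local test server.
$db = new mysqli('localhost', 'demo_user', 'demo_pass', 'demo_db');
$db->set_charset('utf8mb4'); // escaping depends on the connection charset

// Constructed sample data; the temporary table vanishes when the connection closes.
$db->query('CREATE TEMPORARY TABLE users (id INT PRIMARY KEY, name VARCHAR(50))');
$db->query("INSERT INTO users VALUES (1, 'alice'), (2, 'bob')");

// What NOT to do: user input concatenated straight into the SQL text.
function count_unsafe(mysqli $db, string $name): int
{
    $res = $db->query("SELECT id FROM users WHERE name = '$name'");
    return $res->num_rows;
}

// Escaping with the mysqli counterpart of mysql_real_escape_string.
// The escaped value must still sit inside quotes in the query.
function count_escaped(mysqli $db, string $name): int
{
    $safe = $db->real_escape_string($name);
    $res = $db->query("SELECT id FROM users WHERE name = '$safe'");
    return $res->num_rows;
}

// Prepared statement: query text and data are sent separately, so quotes
// in $name are only ever treated as data.
function count_prepared(mysqli $db, string $name): int
{
    $stmt = $db->prepare('SELECT id FROM users WHERE name = ?');
    $stmt->bind_param('s', $name);
    $stmt->execute();
    $stmt->store_result(); // buffer the rows so num_rows is accurate
    $n = $stmt->num_rows;
    $stmt->close();
    return $n;
}

$input = "nobody' OR '1'='1"; // constructed input containing single quotes
printf("concatenated: %d row(s)\n", count_unsafe($db, $input));
printf("escaped:      %d row(s)\n", count_escaped($db, $input));
printf("prepared:     %d row(s)\n", count_prepared($db, $input));
```

With the concatenated query the quotes in the input rewrite the WHERE clause so it matches every row; the escaped and prepared versions compare the whole input as a name and match none.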

MSDN - SQL Injection Article
Wikipedia - SQL Injection
SecuriTeam - SQL Injection Walkthrough
SitePoint - SQL Injection Attacks, Are You safe?


Creative Commons Attribution-NonCommercial-ShareAlike 2.0 UK: England & Wales