It's always interesting to get an outsider's perspective on the language that we all work with and love (or hate, just depends on how debugging's going). In his latest blog post, Chris Justis does just that with some of his comments from an interview with IEEE magazine about why Java will outlive PHP.

I had the good fortune to be interviewed by an IEEE magazine in February to comment on the demise of Java (vs. PHP). A 45-minute interview turned into a paragraph in the article, but I thought that I might put all of my thoughts up on my blog.

There's some interesting ideas here, but I'm not sure that most of them mean the "victory" of Java over PHP. In fact, most of them seem to reinforce the thought that PHP and Java will coexist happily for a good long while.

In this new posting from Xaprb's blog today, there's a look at four different types of database abstraction layers, each with their own unique strengths.

Quite a few people have chimed in on a recent discussion about PHP, MySQL, database abstraction layers, and performance. I think enough viewpoints have been covered that I don't need to comment, but one question I don't see answered is "what are the qualities of a good SQL abstraction layer?" I think it's a very interesting - and complicated - question. As it turns out, the term has several meanings, and I think it's important to understand them.

The four types he lists are:

• Libraries that provide access to a database
• Libraries that present a common interface to different server software
• Libraries that write portable SQL
• Object-relational mapping software

Each has their own description and example packages that show the strength. Following these notes, he shares some opinions on each, mentioning his likes and dislikes about the state of support for them.

Jim Plush, author of the popular My-Bic Ajax/PHP framework, has posted some new video tutorials on his site on four different topics.

4 new video tutorials have been put up on the My-Bic website that cover topics such as: Getting your HelloWorld script up running in 30 seconds, Using the Debugger, Using the Network Down functions.

These are just the first in a series, too. He plans to create more to cover the entire functionality of the framework. You'll need QuickTime to view them, and they range in time depending on the subject matter - anywhere from one to four minutes.

Zend Tehcnologies will be releasing tomorrow (Wed, April 12th) the latest version of their "code protection utility" - Zend Guard 4.

Zend Guard 4 offers an unprecedented level of code protection and a complete license management solution for the distribution of PHP applications. Zend improved the Guard product line to minimize the risk of reverse engineering by increasing protection during the encoding phase.

Zend Guard has two parts to it - the encoder and the license manager for your scripts. You can quickly and easily distribute your encoded scripts to the masses, and licenses can be easily updated/renewed without having to send out anything new. Some of the license options include concurrent users, time limitations, and if it needs to be server-specific or not.

Look for the release of this product tomorrow on the Zend website.

According to this new post on 4null4.de today, there are four new vulnerabilities in the most recent releases of PHP that have been found.

heise online, the popular and well-known German IT news site, conveys four new vulnerabilities in the PHP script language. PHP is often used for web applications such as WordPress and many bulletin board systems like phpBB or vBulletin. The issues can be found in PHP versions up to (and including) 4.4.2 and 5.1.2, and the current CVS snapshots for the upcoming 5.1.3 release will be first to fix the issues.

The errors are:

• A problem with copy() that circumvents the "Safe Mode" for users who are logged in at the system.
• A possible issue with tempname() that could ignore the "Safe Mode" setting also
• a third leak that could lead to a web server process crashing (recusive function calls)
• and an XSS attack issue with the standard phpinfo() page

The 4null4.de post has a summary of the issues, but the original article from heise has the complete info (as well as links to examples of the problems as documented on SecurityReason.com).

One of the more popular questions I see from budding e-commerce site owners is how to add a payment system to their site. They have the catalogs and shopping carts all set, but they're missing that key piece to handle the transaction. Paypal, one of the largest online payment handlers, has released a new resource to help make life easier - the PayPal Integration Center.

Along with this launch, they have also upgraded the PHP SDK they offer to a shiny, new version - 4.0. According to DynamicWebPages.de, they've added the ability to make a request without an SSL certifiicate, made installation easier, and more.

Their prefered method of installation has moved over to a PEAR-based setup, making it as easy as going to the source directory and calling "pear install package.xml". Of course, not everyone has access to the server their running on (shared hosting), so they provide another method just for them. It's still simple, but requires the inclusion of files on each execution.

The PHP Security Consortium has posted more SecurityFocus Summaries on their site today:

• #327 - includes issues with Drupal, PHPWordPress, WebCalendar, and KBase Express
• #328 - includes issues with PHPMyAdmin, Web4Future, PHPForumPro, and MyBB
• #333 - includes issues with Venom Board, Andromeda, MyPhPim, and PHP Toolkit
• #334 - includes issues with GeoBlog, microBlog, AOblogger, and My Amazon Store

Of course, there are many, many more issues in each of these items than are psoted here, so be sure to check out 1 comment voice your opinion now!
securityfocus summaries posted four 333 334 328 327 securityfocus summaries posted four 333 334 328 327