Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: PL/SQL web application

From: Pete Finnigan <pete () peterfinnigan demon co uk>
Date: Thu, 6 Mar 2003 22:26:48 +0000
Hi

Java is getting better for performance in the RDBMS but PL/SQL is
currently faster in a lot of cases the simple reason being that most of
PL/SQL is actually implemented as C callouts from PL/SQL, Java tends to
be written in Java and run by the JVM, there is also a bigger overhead
in calling Java in the first place.

cheers

Pete

In article <200302251248.11552.alex () netWindows org>, Alex Russell
<alex () netWindows org> writes

On Wednesday 26 February 2003 11:29 am, Balwant Rathore wrote:

Why they choosed PL/SQL for programming language?
I cannot understand.


Stored PL/SQL is faster because it parses only ones and resides in main
memory and further request doesn't require re-parsing.
For example if a 100 line SQL statement accessed by 100 clients. It has
to compile 100 x 100 times. Same thing can be achieved in PL/SQL block in
compiling only once.

Rich family of In-built function also makes it faster as compare to other
languages.

It’s good to perform DML operations in PL/SQL rather than using methods
of other languages, as they require heavy processing to perform the same
actions.


It should be noted that the same advantages hold for Java Stored Procedures 
under Oracle 8i and up.



-- 
Pete Finnigan
Managing Director
PeteFinnigan.com Limited

Email : pete () petefinnigan com

Web site: http://www.petefinnigan.com

Pete is the founder of PeteFinnigan.com Limited a UK based company specialising 
in Oracle security audits and services. Email info () petefinnigan com for details 
and availability.

Pete Finnigan is the  author of the recently published book about Oracle 
security from the SANS  Institute "Oracle security Step-by-step (A survival 
guide for Oracle security)" - see http://store.sans.org for details.

Some recently published articles include:

http://online.securityfocus.com/infocus/1644 - "SQL injection and Oracle - part 
one"

http://online.securityfocus.com/infocus/1646 - "SQL injection and Oracle - part 
two"


----------------------------------------------------------------------------

Are your vulnerability scans producing just another report?
Manage the entire remediation process with StillSecure VAM's
Vulnerability Repair Workflow.
Download a free 15-day trial:
http://www2.stillsecure.com/download/sf_vuln_list.html
Previous By Date Next
Previous By Thread Next

Current thread: