Studio 8 vs. CS3

Forum|Forum|18 years ago
October 25, 2007
14 replies
598 views

Have the security issues with the code Dreamweaver writes been fixed in CS3 compared to Studio 8? Studio 8 creates code that is easily subject to security hacks, like SQL injections. There are code corrections to fix this... are they part of the code in CS3? The last thing I need is to purge a SQL DB table from 1000 entires about valtrex every other day.

With that said, any helpful suggestions for those dynamic site developers to prevent such attacks/hacks?

Server side applications

This topic has been closed for replies.

Show previous replies

A

Anonymous

If people need help with this, I have a nice script for ASP developers that's sure to stop them in their tracks. Easy to add to a page, and it will protect your database from hacks. I am willing to give it away for free to those that need it... just contact me with your request and I'll try to help you if you need further assistance. Also, if someone that's a PHP expert would like to translate it to offer it to PHP users, that would be great. The Adobe developer community should stick together and protect our hard work.

A

Anonymous

Also should mention, scanalert.com and similar services are a nice way to test the security of your websites, servers, and networks. It's really pathetic that people do this kind of stuff, but you can never be too safe with your database...

A

Anonymous

Thanks for the reply. It's tough staying one step ahead of these hackers, and I'm glad Adobe is doing such a great job addressing those types of concerns.

N

Newsgroup_User

Inspiring

jsteinmann wrote:
> Have the security issues with the code Dreamweaver writes been fixed in CS3
> compared to Studio 8? Studio 8 creates code that is easily subject to security
> hacks, like SQL injections.

The 8.0.2 updater fixed the SQL injection vulnerabilities. The code
created by CS3 incorporates the same security measures.

There was a lot of controversy among ASP users that 8.0.2 "broke
previously valid SQL". Since I haven't used ASP for about six years, I
didn't follow the arguments closely, but the main conclusion among
"experts" appeared to be that the broken SQL was using an inappropriate
technique.

As for PHP, the 8.0.2 updater fixed the security loopholes, but
inadvertently introduced a couple of new bugs. They can be fixed by
applying the extension fix downloadable from the link in the first
sentence on the following page:

http://www.adobe.com/go/b6c2ae2a

Those bugs were, of course, eliminated in CS3.

Also with PHP, there was some controversy about the changes "breaking"
SQL that uses wildcard searches of numerical data. In fact, the changes
don't break wildcard searches, but they apply the rules of SQL more
strictly. When using LIKE, the data type must be set to "Text" as
wildcard searches apply to strings, not to numbers. Of course, you can
use wildcards to search for numbers, but they must be treated as a string.

Tom Muck has some strong views about the way the changes hamper the use
of dynamic data, but I've not encountered any problems myself.

--
David Powers, Adobe Community Expert
Author, "The Essential Guide to Dreamweaver CS3" (friends of ED)
Author, "PHP Solutions" (friends of ED)
http://foundationphp.com/

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded