Studio 8 vs. CS3

Report · Oct 24, 2007

Have the security issues with the code Dreamweaver writes been fixed in CS3 compared to Studio 8? Studio 8 creates code that is easily subject to security hacks, like SQL injections. There are code corrections to fix this... are they part of the code in CS3? The last thing I need is to purge a SQL DB table from 1000 entires about valtrex every other day.

With that said, any helpful suggestions for those dynamic site developers to prevent such attacks/hacks?

Report · Oct 25, 2007

jsteinmann wrote:
> Have the security issues with the code Dreamweaver writes been fixed in CS3
> compared to Studio 8? Studio 8 creates code that is easily subject to security
> hacks, like SQL injections.

The 8.0.2 updater fixed the SQL injection vulnerabilities. The code
created by CS3 incorporates the same security measures.

There was a lot of controversy among ASP users that 8.0.2 "broke
previously valid SQL". Since I haven't used ASP for about six years, I
didn't follow the arguments closely, but the main conclusion among
"experts" appeared to be that the broken SQL was using an inappropriate
technique.

As for PHP, the 8.0.2 updater fixed the security loopholes, but
inadvertently introduced a couple of new bugs. They can be fixed by
applying the extension fix downloadable from the link in the first
sentence on the following page:

http://www.adobe.com/go/b6c2ae2a

Those bugs were, of course, eliminated in CS3.

Also with PHP, there was some controversy about the changes "breaking"
SQL that uses wildcard searches of numerical data. In fact, the changes
don't break wildcard searches, but they apply the rules of SQL more
strictly. When using LIKE, the data type must be set to "Text" as
wildcard searches apply to strings, not to numbers. Of course, you can
use wildcards to search for numbers, but they must be treated as a string.

Tom Muck has some strong views about the way the changes hamper the use
of dynamic data, but I've not encountered any problems myself.

--
David Powers, Adobe Community Expert
Author, "The Essential Guide to Dreamweaver CS3" (friends of ED)
Author, "PHP Solutions" (friends of ED)
http://foundationphp.com/

Report · Oct 25, 2007

Thanks for the reply. It's tough staying one step ahead of these hackers, and I'm glad Adobe is doing such a great job addressing those types of concerns.

Report · Oct 25, 2007

Also should mention, scanalert.com and similar services are a nice way to test the security of your websites, servers, and networks. It's really pathetic that people do this kind of stuff, but you can never be too safe with your database...

Report · Oct 25, 2007

If people need help with this, I have a nice script for ASP developers that's sure to stop them in their tracks. Easy to add to a page, and it will protect your database from hacks. I am willing to give it away for free to those that need it... just contact me with your request and I'll try to help you if you need further assistance. Also, if someone that's a PHP expert would like to translate it to offer it to PHP users, that would be great. The Adobe developer community should stick together and protect our hard work.

Report · Oct 25, 2007

I'd love to take a look at your scripts. Please contact me at forums at
great-web-sights dot com.

--
Murray --- ICQ 71997575
Adobe Community Expert
(If you *MUST* email me, don't LAUGH when you do so!)
==================
http://www.projectseven.com/go - DW FAQs, Tutorials & Resources
http://www.dwfaq.com - DW FAQs, Tutorials & Resources
==================

"jsteinmann" <webforumsuser@macromedia.com> wrote in message
news:ffqhi4$h0c$1@forums.macromedia.com...
> If people need help with this, I have a nice script for ASP developers
> that's
> sure to stop them in their tracks. Easy to add to a page, and it will
> protect
> your database from hacks. I am willing to give it away for free to those
> that
> need it... just contact me with your request and I'll try to help you if
> you
> need further assistance. Also, if someone that's a PHP expert would like
> to
> translate it to offer it to PHP users, that would be great. The Adobe
> developer community should stick together and protect our hard work.
>

Report · Oct 25, 2007

I'm curious as well (and a PHP coder) send it my way too.

Paul Davis
http://www.kaosweaver.com/
Visit us for dozens of useful Dreamweaver Extensions.

http://www.communitymx.com/
Partner at Community MX - Extend your knowledge

jsteinmann wrote:
> If people need help with this, I have a nice script for ASP developers that's
> sure to stop them in their tracks. Easy to add to a page, and it will protect
> your database from hacks. I am willing to give it away for free to those that
> need it... just contact me with your request and I'll try to help you if you
> need further assistance. Also, if someone that's a PHP expert would like to
> translate it to offer it to PHP users, that would be great. The Adobe
> developer community should stick together and protect our hard work.
>

Report · Oct 25, 2007

I sent you both some info on the code. I'm sure you guys can expand on this idea, but I found it to be very effective as stopping SQL injection attacks and unwanted database abuse

Report · Oct 25, 2007

I'd like to see that please. Use spamblock2004 at cox dot net

Thanks.

"jsteinmann" <webforumsuser@macromedia.com> wrote in message
news:ffqhi4$h0c$1@forums.macromedia.com...
> If people need help with this, I have a nice script for ASP developers
> that's
> sure to stop them in their tracks. Easy to add to a page, and it will
> protect
> your database from hacks. I am willing to give it away for free to those
> that
> need it... just contact me with your request and I'll try to help you if
> you
> need further assistance. Also, if someone that's a PHP expert would like
> to
> translate it to offer it to PHP users, that would be great. The Adobe
> developer community should stick together and protect our hard work.
>

Report · Oct 25, 2007

Paul Davis, the email I sent you got rejected. best place to contact?

Report · Oct 25, 2007

Got mine. Thanks!

--
Murray --- ICQ 71997575
Adobe Community Expert
(If you *MUST* email me, don't LAUGH when you do so!)
==================
http://www.projectseven.com/go - DW FAQs, Tutorials & Resources
http://www.dwfaq.com - DW FAQs, Tutorials & Resources
==================

"jsteinmann" <webforumsuser@macromedia.com> wrote in message
news:ffr189$7v4$1@forums.macromedia.com...
>I sent you both some info on the code. I'm sure you guys can expand on
>this idea, but I found it to be very effective as stopping SQL injection
>attacks and unwanted database abuse

Report · Oct 25, 2007

On Thu, 25 Oct 2007 16:51:16 +0000 (UTC), "jsteinmann"
<webforumsuser@macromedia.com> wrote:

>If people need help with this, I have a nice script for ASP developers that's
>sure to stop them in their tracks. Easy to add to a page, and it will protect
>your database from hacks. I am willing to give it away for free to those that
>need it... just contact me with your request and I'll try to help you if you
>need further assistance. Also, if someone that's a PHP expert would like to
>translate it to offer it to PHP users, that would be great. The Adobe
>developer community should stick together and protect our hard work.

I'd be interested in the script! Could you send it my way, please?

Win
--
Win Day, Wild Rose Websites
http://www.wildrosewebsites.com
winday@NOSPAMwildrosewebsites.com
Skype winifredday

Report · Oct 25, 2007

sent

Report · Oct 26, 2007

Sorry, forgot to make the note, kaosweaver at kaosweaver then the dot
and com. Thanks!

Paul Davis
http://www.kaosweaver.com/
Visit us for dozens of useful Dreamweaver Extensions.

http://www.communitymx.com/
Partner at Community MX - Extend your knowledge

jsteinmann wrote:
> Paul Davis, the email I sent you got rejected. best place to contact?

Report · Oct 26, 2007

sent