Security is one of the most important considerations
for anyone developing or maintaining a web application
these days, whether it's to protect against website
vandalism, or to guard against hackers with more malicious
intent.
The key to good security is prevention, and the key
to prevention is knowledge. The new Security
Developer Center at Macromedia features articles,
tutorials, sample chapters, as well as links to internal
and external security resources to help you become
more knowledgeable about security issues and preventative
techniques.
Maintaining a secure web application can be an ongoing
process. Those who may try to hack your site will
surely stay up-to-date on any newly discovered vulnerabilities,
so it's important that you as the developer, network
administrator, or website administrator also stay
informed of the latest security information available.
There are several avenues you can regularly check to ensure
that you stay informed of new security issues as they
come to light.
The Security Zone
At the Macromedia
Security Zone, you can stay abreast of the latest
Security Bulletins that may affect your web applications.
Macromedia Product Security Bulletins (MPSBs) are
bulletins which pertain to possible security issues
discovered in Macromedia products, and typically explain
how to install a patch or a new version to protect
your web applications against a particular security
vulnerability. We also publish Customer Security Bulletins
(CSBs), to share information we have about security
risks in third-party products that we know our customers
may be using in conjunction with Macromedia products.
Product Support Centers
Use the Macromedia Support Center for each of our products
to stay informed of the latest support issues, and
to search for TechNotes which pertain to security.
Entering the word security in the search
box located on each support center will return any
security-related TechNotes for that particular Macromedia
product, as well as other useful documents on our
site which pertain to security in general.
What if you discover a security issue?
What if, during your testing and configuration,
you discover a security issue that you know will affect
other Macromedia developers? What if you want to get
the word out? If you discover a security issue, send
an e-mail to secure@macromedia.com
using the security alert guidelines.
This will ensure that we become aware of any possible
security issues as quickly as possible, and that
we can share the information with others who may
be affected.
When you're contacting us about a possible security
issue you have discovered, you'll need to include
the following information, as mentioned in the security
alert guidelines:
- A complete description of the problem.
- An explanation of how you found the problem and
how it can be reproduced.
- The appropriate URL, if that is relevant.
- Any relevant system information (e.g. OS version,
database, SMTP server, etc.).
- Versions and editions of all the Macromedia software
involved.
- Your contact information including name, phone
and email, in case we need to contact you for additional
information.
I strongly recommend that you sign up for our Security
Zone Notification Service, an easy way to stay
informed about new security issues. When you sign
up for this newsletter, you'll be immediately informed
by email when a Macromedia Product or Customer Security
Bulletin is posted to the Macromedia website.
Developer conferences and local user group meetings are
also great places to learn about security issues and
techniques. At Macromedia
DevCon 2002, Macromedia Flash Community Manager
Mike Chambers will be presenting a seminar entitled
"Best Practices: Security & the Macromedia Flash
Player," which will cover the security model in Macromedia
Flash and how to ensure the integrity of your Rich
Internet Applications.
Additional resources
Be sure to look for security resources other
software vendors may make available to you, in addition
to the wealth of resources available in the Security
Development Center at Macromedia. When it comes to
information on security issues, more is definitely
better.