 |
 |
Adobe + web = suck
|
|
|
|
|
Clinically Insane
Join Date: Mar 2001
Location: yes
Status:
Offline
|
|
Some of you may have read about this Flash vulnerability that has been making the news and affects any website that supports file uploads?
The Cliff Notes version is that any site that accepts file uploads and will accept a Flash SWF also allows uploading malicious Flash files that when executed allow reading/writing files, including, AFAIK, the cross domain policy definitions that would enable communication with assets hosted on other domains. So:
1) I upload SWF
2) I send you URL to this or somebody get you to execute this
3) Actionscript in Flash movie has access to do all sorts of things once the SWF has been executed
Adobe's official response is for web developers to fix their apps. This is sort of reasonable, you shouldn't allow people to upload and store SWF files, sanitization of uploaded content is always a necessary thing, and there is no backwards compatible way for Adobe to fix this, but it still exposes a pretty flawed, lax design.
Add this to the list of other Flash related problems which we are all aware of: buggy plugins, slow, bloated, etc. and there is plenty to dislike about Flash, but what about Adobe's other web related apps?
- Dreamweaver: overpriced, bloated text editor that was built around days where URLs weren't merely locators and there was a need for "site management" at the file system level, where WYSIWYG was cool, etc.
- Contribute: backwards CMS
Is it just me, or has Adobe really fallen from their mighty pedestal? They used to be the company for all things media, but these days outside of Photoshop and Illustrator, can the same be said? Is Adobe another Microsoft that will survive off of its cash cow products for as long as they can? Have they developed any web-related products that are relevant and exciting today? Maybe Flex? ColdFusion? Adobe has certainly missed their opportunity for their name to be synonymous with web based media as it was for print and video, IMHO.
Where do you see them? If they sort of fizzle out do you see Apple buying them some day?
|
|
|
| |
|
|
|
|
|
|
|
Posting Junkie
Join Date: Nov 1999
Location: Where Airbus babies hatch
Status:
Online
|
|
WYSIWYG is not cool anymore? I thought it was basic principle?
And Photoshop is the MS Office of creatives, except that there is simply no alternative.
|
|
|
| |
|
|
|
|
|
|
|
Moderator  Join Date: Oct 2001
Location: San Diego, CA, USA
Status:
Offline
|
|
How is this problem specific to Flash? If I managed to get a rogue Silverlight or Java app on your server, wouldn't that carry very similar problems? This seems a bit like a newspaper article I saw about how iPods can be used to steal sensitive files from work — without noting that it's just as possible with any other device that can store files.
|
|
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
|
| |
|
|
|
|
|
|
|
Clinically Insane
Join Date: Mar 2001
Location: yes
Status:
Offline
|
|
Originally Posted by Chuckit 
How is this problem specific to Flash? If I managed to get a rogue Silverlight or Java app on your server, wouldn't that carry very similar problems? This seems a bit like a newspaper article I saw about how iPods can be used to steal sensitive files from work — without noting that it's just as possible with any other device that can store files.
Getting the file on the server is not specific to Flash, but the lax cross domain policies coupled with Actionscript provide for a lot of attack potential.
|
|
|
| |
|
|
|
|
|
|
|
Moderator Join Date: Jun 2000
Location: Inside 128
Status:
Offline
|
|
Just because you are prejudiced against WYSIWYG, doesn't mean it's not used by lots of folks.
|
|
|
| |
|
|
|
|
|
|
|
Clinically Insane
Join Date: Mar 2001
Location: yes
Status:
Offline
|
|
I know it's used, but it shouldn't be - it's a great way to destroy a site. If you are going to go WYSIWYG at least limit what it can do so that you cannot create ad hoc styles and treat your webpages like Word documents.
|
|
|
| |
|
|
|
|
|
|
|
Moderator Join Date: Jun 2000
Location: Inside 128
Status:
Offline
|
|
Well, the presupposition being that folks also know what they're doing and shut off that so-called auto-style feature. I like having a preview of what I'm working on without loading a browser, and Dreamweaver also has some neat little debugging hints that can both predict browser rendering bugs and suggest fixes.
Anyway, sounds like your real gripe with Adobe is over the flash thing.
|
|
|
| |
|
|
|
|
|
|
|
Posting Junkie
Join Date: Jul 2005
Location: Away for Summer
Status:
Offline
|
|
SubEthaEdit all the way. 
|
|
|
| |
|
|
|
|
|
|
|
Clinically Insane
Join Date: Mar 2001
Location: yes
Status:
Offline
|
|
Originally Posted by andi*pandi
Well, the presupposition being that folks also know what they're doing and shut off that so-called auto-style feature. I like having a preview of what I'm working on without loading a browser, and Dreamweaver also has some neat little debugging hints that can both predict browser rendering bugs and suggest fixes.
Anyway, sounds like your real gripe with Adobe is over the flash thing.
No, I'm prejudice against DW too Sorry, I've just seen too many DW sites lacking any sort of cohesiveness to style, good markup, and while fans claim that it's a great text editor it just seems silly to me personally to be load this big bloated editor.
Moreover, what you are describing is the construction of static pages. I happen to think that we are at the point where it simply doesn't make any sense to invest time/effort into static pages, static where each page is its own file and you manage pages/your site structure at the file system level. In creating static HTML pages this way you cannot decouple the template from its content without depending on DW's recognition of those comment tags, you lose the ability to search for this content, edit the pages through the web, and display any other dynamic content progamatically. I feel that there are so many good CMS options out there now that the whole DW model seems quite outdated.
Just my two cents. I'm rather opinionated on this stuff, I know, but don't take this as a lack of respect for any good work that is possible with these tools, I'm just speaking for myself...
|
|
|
| |
|
|
|
|
|
|
|
Moderator Join Date: Jun 2000
Location: Inside 128
Status:
Offline
|
|
Static shmatic.
I think it's been awhile since you tried DW. However, I know this isn't a discussion with you but a soapbox. Good day sir.
|
|
|
| |
|
|
|
|
|
|
|
Clinically Insane
Join Date: Mar 2001
Location: yes
Status:
Offline
|
|
It is a soapbox, but until you can point me to a host that will allow direct connections to its underlying database, I think it's also a pretty reasoned argument to say that DW is primarily an editor for static pages. Perhaps DW would be useful on a LAN where you can control those sorts of direct connections on port 3306 (in the case of MySQL), and perhaps it would also be useful via a VPN, but a general purpose host? I remain unconvinced.
|
|
|
| |
|
|
|
|
|
|
|
Mac Elite
Join Date: Jul 2007
Location: Johannesburg, South Africa
Status:
Offline
|
|
Adobe After effects rocks. As long as they keep it on the cutting edge (and I don't mean that lightly, I've used them all) they will have my full support.
But I do think that Adobe is becoming "the man". Which sucks.
I hate the Man.
|
You're gonna die anyhow.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
 
|
|
|
Forum Rules
|
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|
|
Top
