From: Oxygen3 24h-365d: "Absence of occupation is not rest; A mind quite vacant is a mind distressed." William Cowper (1731-1800); English poet. - Potential Risk in Dreamweaver Remote Database Connectivity - Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com) Madrid, April 7 2004 - Macromedia has published -at http://www.macromedia.com/devnet/security/security_zone/mpsb04-05.html- a security bulletin informing of a potential risk in Dreamweaver's remote database connectivity. According to the bulletin, connection to remote databases in Dreamweaver -for building dynamic database-driven websites- installs scripts that can unveil DSNs (*) to attackers. As a result, an attacker could use those scripts to send SQL commands to the server and take control of the database server. Macromedia advises users not to define a database connection using the driver on a testing server accessible to the public. If a connection has been defined, use "Dreamweaver's Remove Connection Scripts" menu command to remove the files that allow access to the database, which should also be password-protected. Users and programmers are advised to read the document available at http://www.macromedia.com/go/DMJL_AACE, about the security implications of remote database connectivity. *DSN (Data Source Name): Way in which an ASP application refers to a database. The DSN contains relevant information on the database, including its location or how to access it. NOTE: The addresses above may not show up on your screen as single lines. This would prevent you from using the links to access the web pages. If this happens, just use the 'cut' and 'paste' options to join the pieces of the URL. ------------------------------------------------------------ The 5 viruses most frequently detected by Panda ActiveScan, Panda Software's free online scanner: 1)Netsky.P; 2)Netsky.D; 3)Netsky.B; 4)Nachi.B; 5)Downloader.L. ------------------------------------------------------------ Mike ~ It is a good day if I learned something new. Editor MikesWhatsNews see a sample on my web page http://www3.telus.net/mikebike <mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe> http://www3.telus.net/mikebike/worm_removal.htm See my Anti-Virus pages http://virusinfo.hackfix.org/index <virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe> A Technical Support Alliance and OWTA Charter Member