This may shock you but Adobe is shipping insecure software. No, it's not Flash this time. Nope, not Acrobat, either

It has been revealed that Adobe's Experience Platform mobile SDKs, used to create apps that interact with the company's cloud services, until recently contained sample configuration files that created insecure default settings. Developers creating apps that utilize those files as templates or examples could find that their …

  1. jake Silver badge

    I'm shocked. Shocked, I tells ya.

    Shocked that anybody still uses Adobe anything, that is.

    Patient: "Doctor, it hurts when I do this!"

    Doctor: "Well, then don't do that!"

  2. IGotOut Silver badge

    Finally the proof!

    After all these years, we have the proof....that their engineering teams have simply used Best Practice as written in the Adobe Manuals.

  3. Anonymous Coward

    Today's Developers

    In an email to The Register, a spokesperson for Nightwatch said, "[Developers] are supposed to replace the config file with one downloaded from the developer portal... but they often don't."

    Isn't this how development is done these days? Copy & Paste/Link files from other locations and/or ask on Stack Overflow, stir with a big spoon and hope it works?

  4. Anonymous Coward

    Dear Lord I hate Adobe.

    We have to use their Acrobat products, every install is agonisingly painful when you have to fight through various versions of it demanding individual Adobe cloud accounts (not suitable for corporate). I think in the end I had to install our team's copies under a single license key because the others wouldn't work or were impossible to install. So we have to have a dodgy install despite paying those horrific prices for licenses.

  5. Anonymous Coward

    The problem isn't that Adobe shipped sample configuration files for use with their SDK, but that developers blindly copy and paste code into production without even a cursory glance at said code.

    Even if Adobe and other tutorials direct you to 'just copy that file into your root directory', any developer worth his salt should still peruse said configuration files before releasing their product.

    1. Claptrap314 Silver badge

      Sadly, it is far from clear that a majority of developers are in fact worth anything, let alone their salt.

    2. Anonymous Coward

      Why can't it be both?

      I'm not one to give engineers a pass on this sort of thing; indeed, I consider making a serious attempt to understand something completely before using it to build products to be one of those modest professional nuances that distinguishes engineers from devs (and goldfish). At the same time, Adobe failed to demonstrate another modest professional nuance first by creating a template or demo that does not reflect best practices, then by shipping it without noticing the problems, and finally by recommending that a configuration template from a demo be used by customers instead of creating their own from scratch after reading the (hopefully) complete documentation, providing a tool to create one that will be correct by default, or any other safe approach.

      That there are undoubtedly thousands of customers who are going to copy-pasta out of demos or stackexchange regardless does not excuse any of Adobe's errors. This is a classic example of multiple things going wrong to cause an eventual production failure. Correcting any one of them would have prevented the ultimate failure. The author of a piece of software puts his or her name or brand on it and assumes responsibility for its content regardless of who else made various components. When they did so, both Adobe and its customers failed in their duty to their respective customers. But engineering is passé; everyone wants devs now because copy-pasta gets you to market faster. Deploy to production from your desktop, move fast, break shit, disrupt. Devops! Agile! We don't have time to understand what we're doing or why. And you can see that mentality at work on all sides in this case. No reason to choose just one! If you really don't like it, stop giving these people money.

  6. macjules Silver badge

    I am horrified ..

    .. that the owner of Flash could make something insecure. I shall stop using Photoshop immediately.


Biting the hand that feeds IT © 1998–2021