When developing sites using Dreamweaver, it creates a _mmServerScripts directory on the root of your site. We've been reading that this folder contains SQL statements that are vulnerable to attack. We would like to avoid this all together, if possible. Is this folder even necessary? Can you do anything to Dreamweaver to tell it to never create these folders?
Thanks in advance.
When you're creating dynamic pages with Dreamweaver, it creates files in the _mmServerScripts folder. Those files are used to obtain information about your database, such as table names, table columns, and column types. This information is used within the built-in server behaviors (and possibly third-party extensions) in order to generate the appropriate code to insert into your page. One such server behavior would be the Recordset server behavior. This interface allows you to select a data source, table name, and column names to include in the recordset.
If you do not use any of the dynamic data functions within Dreamweaver, it probably does not create the _mmServerScripts folder, but if you use that functionality, it will create that folder. If you want to remove the files in this folder, which is hidden within the Dreamweaver Files panel by default (show hidden files: Files panel option menu on the upper right of the panel, View -> Show Hidden Files) by selecting: Site -> Advanced -> Remove Connection Scripts
I do not have a very extensive knowledge of the contents of the files, so I can't comment knowledgeably about what, if any, vulnerabilities exist within the files within the folder, but it would be good to include links to such discussions you've been reading about.