5 Replies Latest reply on Apr 24, 2007 1:05 PM by peterent

    File Reference Data

    buabco Level 1

      Is there a way to access a file reference data?, or do I have to upload de file to the server and the download it in order to get the file data (This sounds so much as overkilling).

      Also, is there a way to store the file reference data for future use, lest say I wish to keep the file reference data so my flash applicaction can access the same file in the future, can sore this, lest say in a server database or something?

      I hope people form adobe could answer this :)

        • 1. Re: File Reference Data
          peterent Level 2
          You cannot access the location of a file. It is a security restriction. Check out Adobe Apollo on the labs.adobe.com site if you want to write a Flex application that requires local file read and write.
          • 2. Re: File Reference Data
            buabco Level 1
            I understand that, but apollo it's in it's early alpha. And it sounds kind of stupid been able to upload a file to the server, been able to download a file from the server, but not been able to read it locally, I don't see how this restriction applies if there is such a simple work around by doing a server upload - download operation.
            • 3. Re: File Reference Data
              peterent Level 2
              You have to think about this from the end-user's point of view. When I download something, I chose to do it and by picking the OK button I am authorizing the program to save a file to my disk. That's why you can't just start downloading files from a server - the user has to be involved.

              If it were possible to read the file location when doing an upload, a malicious SWF could start reading all of the files from a directory and saving them to its creator's server. Since we don't provide the file's location, that isn't possible.

              The file upload and download is a security risk that we had been trying to avoid but our customers demanded it and we provided it, but constrained it in a way to make it safe.

              Does that prohibit some useful tasks? Yes, but rather that than have to issue security patches because someone had their data stolen.

              Our customer's security is one of our highest priorities. More people trust the Flash Player more than any other piece of software.
              • 4. Re: File Reference Data
                buabco Level 1

                Thanks for taking your time to discus about this issue. I've always liked the approach flash has had to protect personal data, or to be more specific to completely separate Internet form the local PC environment. And the proof that you guys are on the right track is that there are no FLASH viruses yet.

                Still, and if it's possible I would like to make a few suggestions that shouldn't affect the security model but definatelly improve the way FLASH communicates with the server:

                1.- Access a File Reference locally, I'm not talking about accessing any file on the local PC but the one the user manually selected for lets say an upload (Básicaly add an open command to fileReference), this would be very usefull since will allow the SWF to process the file before sending it, wich for example will allow to change an image size before upload or to process a text file and upload only the results of this process. I don't see how this could be a security risk since you are able to do this with the server and a huge everhead today.

                2.- Been able to store the file Reference, again without accessing the PATH of the file, but the file reference object itself will be most useful to for lots applications, you don't need to have access to a directory structure but be able to access a file previously selected by the user. Just a while ago I wrote a flex application that uploaded a single file to a server every hour. I was able to store in a shared object all the paramenters a user selected for the upload except for the file reference. This meas that the user has to select the file every time it opens the application.

                • 5. Re: File Reference Data
                  peterent Level 2
                  The best thing for you to do is fill out a request form:

                  The product teams always read these and prioritize them for a future release. My guess is that they will consider the matter resolved by Apollo, but it can't hurt to let them know what you think.