0 Replies Latest reply on Feb 2, 2008 2:14 AM by Adrian Eaton

    Anoying Flash Security "Features"

    Adrian Eaton
      I really wonder sometimes at how some 'security' decisions are made for the Flash product. My hope was that when the Flash brand moved under the wings of Adobe that the decision process might change and some of the annoyances that were in the old product might be removed, but low an behold they seem to be making even more ridicules ones.

      I thought I’d summarise the most annoying of these security mistakes in the hope that someone at Adobe might pick this up and see how ridicules some of these are.

      I’ve only added my biggest grievances, others I can work around, but please feel free to add your own.

      1. Keyboard Shortcuts in Full Screen Mode

      Full screen mode is great; finally we can now start making Media Centre style interfaces for presenting video on the web. But wait… keyboard shortcuts are disabled! Sure, disabling the ability to use something makes it more secure, but at the risk of making it less usable.

      I really cannot understand Adobe’s thinking on this one. I’m sure right now a developer at Apple is thinking, “How can we make the next Mac OS more secure? I know let’s disable keyboard input.”

      2. Download of XML files.

      One of the most important features of Flash is the ability to download additional content dynamically. But why is there a security restriction to only download these files from the same server as the SWF file is hosted?

      Have Adobe never heard of RSS feeds. How can we create integrated and scalable applications if everything has to originate from the same server? Surly the thinking behind this was the sandbox security model, but if this is ignored for flash video, why not XML?