I really wonder sometimes at how some 'security' decisions
are made for the Flash product. My hope was that when the Flash
brand moved under the wings of Adobe that the decision process
might change and some of the annoyances that were in the old
product might be removed, but low an behold they seem to be making
even more ridicules ones.
I thought I’d summarise the most annoying of these
security mistakes in the hope that someone at Adobe might pick this
up and see how ridicules some of these are.
I’ve only added my biggest grievances, others I can
work around, but please feel free to add your own.
1. Keyboard Shortcuts in Full Screen Mode
Full screen mode is great; finally we can now start making
Media Centre style interfaces for presenting video on the web. But
wait… keyboard shortcuts are disabled! Sure, disabling the
ability to use something makes it more secure, but at the risk of
making it less usable.
I really cannot understand Adobe’s thinking on this
one. I’m sure right now a developer at Apple is thinking,
“How can we make the next Mac OS more secure? I know
let’s disable keyboard input.”
2. Download of XML files.
One of the most important features of Flash is the ability to
download additional content dynamically. But why is there a
security restriction to only download these files from the same
server as the SWF file is hosted?
Have Adobe never heard of RSS feeds. How can we create
integrated and scalable applications if everything has to originate
from the same server? Surly the thinking behind this was the
sandbox security model, but if this is ignored for flash video, why