Cross Domain Security Failure in F7
DIGG IT!
0
Comments
Published
Wednesday, September 10, 2003
at
6:43 AM
.
Macromedia,
The implementation of Cross Domain security is decidedly poor in Flash Player 7. Unlike prior incarnations of the player this feature is not backward compatible and represents a horrible break from the norm of supporting older SWF content. Although great in concept, this change requires developers edit and reconfigure old content to be supported in the Flash 7 Player. This is the first case where the Player breaks this all important rule.
In the next month, I will get 10-15 phone calls from customers complaining of broken applications and errors in applications PowerSDK provided. We typically separate data services into its own sub-domain for scalability purposes allowing database and application server to scale effectively and not conflict with serving binary http content. Under the security model changes sub-domain are no longer allowed to be accessed and require changes to servers and to SWF content. Worse still is when these failures occur, you consult the end user who typically knows nothing about what is occurring.
I reported these errors during the beta process. Obviously you didn't listen.
In an ideal world, legacy SWF content would operate on the old security model and new F7 SWF content would operate on the new security model. I understand your wanting stricter security in regard to Flash, but crippling legacy content made according to your guidelines is a poor decision any way you cut it.
If there was a primary selling point for using Flash from a consulting standpoint it was backward compatibility, but maybe that isn't important to Macromedia anymore.
Please address this issue.
Theodore E Patrick
CEO / Founder
PowerSDK Software Corporation
0 Responses to “ Cross Domain Security Failure in F7 ”
Post a Comment