[10/29/08 – OK, read the below, but also read the following posts before you get all uppity.]
https://www.bit-101.com/2003/1389
https://theflashblog.com/?p=423
https://theflashblog.com/?p=463
https://www.bit-101.com/2003/1590
https://www.bit-101.com/2003/1608
[That is all. Continue reading my rant.]
OK, I’m being a bit dramatic to get attention, but there is a serious issue here, which I hope Adobe takes notice of and thinks about changing.
Often one of the most frustrating parts of working with Flash is dealing with security issues. I understand completely the need for security in Flash. Any mention of any security loopholes in Flash spreads like wildfire around the Internet and is blown up to represent the end of the modern civilization, and of course, a new reason to NOT use Flash. So Adobe has to clamp down on them. But man, sometimes it feels like they get a little TOO enthusiastic about locking down Flash.
The latest one that’s bugging me is a Flash 10 Player change that only allows you to open a file browse dialog via a direct user interaction such as a button push/mouse click. The idea here is to prevent malicious code from opening a file dialog and perhaps making you think it is for something else, and you wind up uploading some sensitive data to someone else’s server. I can see the point, but it’s creating some havoc.
It seems that various solutions such as SWFUpload use a mix of SWF + JavaScript to allow for file uploading. My understanding is that you click an html upload button that calls a method in the SWf via JavaScript to initiate a file browse and upload. Works fine in Flash 9, but you get a security error in Flash 10.
The real issue is that SWFUpload is what is used by WordPress for their file uploader. So Flash 10 is going to break this feature across the boards in all WordPress installations, which is like eleventy-zillion.
Oh, and there’s another little site that a few people use that implements a similarly coded Flash uploader. I think it’s called Flickr. Yeah, the Flickr uploader is busted in Flash 10.
There are probably plenty of other photo/video/etc. uploaders which are similarly destroyed by this new security feature. Again, I understand the intent, but I seriously hope that Adobe takes a good look at this one and makes it possible for products like SWFUpload to work. Possible workarounds are a “trust” dialog, or just going back to Flash 9 behavior.
Here are some links for further info on this issue:
https://wordpress.org/support/topic/179104?replies=4
https://trac.wordpress.org/ticket/6979
https://wordpress.org/support/topic/177127?replies=6
https://swfupload.org/forum/generaldiscussion/551
As you can see reading through some of this, the perception by the world at large is that this is a “bug” or it is “broken”, not that it is a “security feature”. Some even interpret this as, “unlikely that Flash 10 will be able to do any sort of file uploading of any kind.” And of course, the recommendation across the board is “don’t upgrade to Flash 10, or downgrade to Flash 9.” Great work guys. Create the best Flash Player EVER (seriously) and then piss people off so much that they don’t want to use it.
Breaking millions of installs of software and disabling some of the features on some of the major sites of the Internet for a percieved security fix is utterly irresponsible and only brings bad press and bad blood to Adobe.