Right on, but I think you put my concerns into a better language. Where an HTML document is open source data, a SWF is executable code. It seems much more threatening to give this executable code access to the OS or broswer's API.
I know this is a small concern, but Flash is a viable technology because of the high percentage of users that have the pulg-in. If it presents the smallest opportunity of security issues, then we could see that percentage fall. Which would suck. Adam Wayne Lehman Web Systems Developer Johns Hopkins Bloomberg School of Public Health Distance Education Division -----Original Message----- From: Jochem van Dieten [mailto:[EMAIL PROTECTED] Sent: Friday, March 14, 2003 6:57 PM To: CF-Talk Subject: Re: Macromedia.Com (The new site?) Adrocknaphobia Jones wrote: > Ok stop me if I'm wrong but this is my rationale. > > The browser, which is a trusted application, cannot access the file > system without direct command of the client. Sure it can. It won't, but it can. > The user has to actually > click the button to initiate. Being that HTML is a document and not a > programming language, the only executable logic run is through > Javascript. This is why I said it required some clever way. There is nothing that prohibits Flash from accessing the browser at a lower layer. Some layer that allows Flash to initiate the upload, and then makes the browser show a confirmation popup. Jochem ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4