I dont understand. Are you saying that raw sockets is a security
nightmare? or bytearrays? or the sound buffer access? Raw sockets and
bytearrays are already in flash 8 so are you saying there is already a
security nightmare? Or are you saying that sound buffer access would
somehow tip the scales into a security nightmare? If so, how? It seems
to me that that is no more dangerous than giving developers direct
access to the screen display buffer which they now do already in flash
8.
It is the combination. With all 3 of those, you would have unrestricted
access to download and execute code on the client machine without any way
for the VM (flash player) to determine if the code was malicous or not.
Pushing malicous code into the sound buffer is an old and well known way to
get virus code onto a client machine, because audio streams can't be virus
checked without causing latency, which is an unacceptable cost in fields
like gaming and other types of distributed interactive media.
The screen buffer access you have is only for the Flash renderer, it
doesn't give you direct access to the system-level screen buffer (no
hardware or even OS level access). Audio goes directly to the systel-level
sound buffer to minimize latency, making it a prime target for a virus entry
point.
ryanm
_______________________________________________
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
