Rick, Thanks for the great response...I see what you are saying. It's a delicate balance. If users responsibly read and answered a "trust" dialog with a signed certificate, this would not be an issue. If the user says that they trust you, why not have access to their system. This is what any other 'installed' application can do.
However, if users don't react responsibly and just trust these dialogs willy nilly there could be wide spread panic that Flash apps are no longer to be trusted, etc, etc. Just thinking that Flex apps could be even cooler if we could get past this problem somehow. Gary --- In flexcoders@yahoogroups.com, "Rick Winscot" <[EMAIL PROTECTED]> wrote: > > Gary - anything is possible with a little creativity! Keep in mind that the > Flash sandbox doesn't 'lock you down' in any way shape or form. It is merely > a mechanism to restrict domain/port access to resources. I see where you are > going with this. but hang with me - > > > > If you were to add, say, file system access to Flex. you would inherit all > the overhead of a framework that supports file system access. How do you > control access rights to files? Could I, from a Flex app search your hard > drive? Delete all your system files? Examine your browser history? Once you > think of the implications of granting someone this kind of power. it makes a > great deal of sense by default to deny access to all but limited read only > operations (i.e. URLLoader). How do you think Internet users would react if > they knew that any website or email with a 1px by 1px flash movie embedded > in it could do this kind of thing? Absolute power corrupts absolutely. > > > > If you _need_ to touch the local file system or similar. then moving to AIR > is your next choice. But realize that this is _not_ a carte blanche ticket > to access. I highly recommend you read the April Flash Player Security > Update leaf. AIR adds many cool local features - but still has to play nice > with Flash security. > > > > Rick Winscot > > > > > > From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On > Behalf Of toofah_gm > Sent: Friday, April 04, 2008 10:29 AM > To: flexcoders@yahoogroups.com > Subject: [flexcoders] Allow Flex apps to live outside the "sandbox" > > > > I totally understand the "sandbox" issues associated with Flex apps, > but wonder why Adobe doesn't provide a secure way to allow apps to get > outside this sandbox with a Flex app. > > Obviously this can be accomplished in an AIR app, but what if I want > to keep things simple? It seems a lot simpler for customers to use my > Flex app inside of my web page than to 'install' an AIR app, something > that they are not familiar with. > > Since Adobe has the technology and now has the API to allow AIR apps > to be outside of the sandbox, why not expose this in Flex? Allow > developers to sign their Flex app. Then provide the user with a > certificate and ask them to trust the app, if they do, let the app > play outside the sandbox. This is kind of what can be done in a java > applet. > > What do you think? Am I out in left field? > > Gary >
