Flash 10 Security Changes Good and Bad, Mostly Good (Full Screen Input, RTMFP, Clipboard, Local Save and Load)

Flash 10 security changes requiring user interaction are pretty breaking but they are for good reason.  Still though, the user could be inundated with prompts much like UAC on Vista. But, it is necessary otherwise security holes can be troublesome with the flash player and the “sandbox” of the web.  Much like Java signing, Active-X acceptance, and thus local file access, these actions need some user approval, it is that liability thing.

But what is a bit lost in this is some of the new support specifically for game development and app development.

Support for things like RTMFP which is bringing UDP support to flash.  UDP and reliable UDP (ordered) is really needed when it comes to larger scale networking applications and support for p2p apps.  Games for instance, that are large like MMOs and highly interactive real-time engines, need UDP to be able to scale.  So this is pretty useful, yet it currently looks like it is tied to Flash Media Server.  It appears Adobe is staying ahead of SmartFox, Red5 and OpenFMS with stuff like this.

Another great move in the way of security updates for Flash 10 for games is the allowing input from keyboard keys while in full screen mode. All these games and apps look pretty sweet in full screen until you try to use them.  There is only support for “Tab, the Spacebar, and the (up, down, left, right) arrow keys” but that is a start.  Enough keys for a casual game.  But still most keys could safely be used it must be a multi-platform support thing.

Limited full-screen keyboard input

Currently Flash Player does not allow keyboard input when displaying content in full-screen mode. Flash Player 10 beta will change this, allowing for a limited number of keys to be usable in full-screen mode. These include Tab, the Spacebar, and the (up, down, left, right) arrow keys.

Flash 10 is getting local save and load, this is great for any type of online editor, game or application. The ability to work on a file immediately without the server round trip initially is great.  I hope this is extended much further to local save and load with very high limits, there has been some confusion on the file size limitations here. Ideally this would be extended much further if the product direction is right. Typically making apps or games with more than 5-25MB of content quickly become non-economical in bandwidth such as gaming assets due to browser cache size limitations (defaults IE=50MB, Safari 5-25MB, FF3=50MB), I wish there was a better way to allow local saving for long periods of time.  Almost installing apps via flash with extended cache, talk about killer app feature. Downloading 10 MB of gaming assets that you know will be there for the month rather than the day.

Paste events can read the clipboard.  Using the clipboard is another great useful tool in applications and online editors.

Data can be read from the Clipboard inside a paste event handler

In Flash Player 9, the system Clipboard could not be read at any time. With Flash Player 10 beta, the new ActionScript 3.0 method Clipboard.generalClipboard.getData() may be used to read the contents of the system Clipboard, but only when it is called from within an event handler processing a flash.events.Event.PASTE event.

So yes, the security user interaction changes do break current features but it also takes this platform a bit more into secure applications and game features from security changes, hopefully these features are extended much further but they are on the right track.

Tags: , , , , , , , , , , , ,

  • xxx

    > But still most keys could safely be used it must be a multi-
    > platform support thing.

    No, it’s security thing. So that a rogue flash app cannot imitate your desktop and dupe you into entering your password, for example.

  • http://drawlogic.com/ drawk

    True it is a security problem, we all saw the full screen sample that showed how you could freak out a user. But still, there can be other ways of notifying the user once per site or allow to enter keys. Full screen isn’t all that great anyways but for games or video. These things will warrant more buttons than the arrow keys tab and space.

  • http://wonderwhy-er.deviantart.com wonderwhy-er

    All those things are great. My hope too is that open server platforms will catch up to adobe server and provide RTMFP

    Also introduction of this “allow after user interaction” allows us to use local files. Like writing a small utility that saves game replay to flv to local disk while you play :D

  • Darren

    “I wish there was a better way to allow local saving for long periods of time”

    There is – the developer just has to publish the game as an AIR app.

  • http://drawlogic.com/ drawk

    Yeh but without AIR :) AIR is cool but web based games, apps etc it would be nice if the flash player had a larger local storage beyond shared objects and handled files directly. AIR requires another install for most people as where providing this in flash would just be a prompt.

  • Pingback: Link Post Sunday 10/5 | Mr Sun Studios

  • Bill Gates

    hello my fellow users go to microsoft.com and download silverlight.