Ok stop me if I'm wrong but this is my rationale.

The browser, which is a trusted application, cannot access the file
system without direct command of the client. The user has to actually
click the button to initiate. Being that HTML is a document and not a
programming language, the only executable logic run is through
JavaScript. JavaScript has limited access to the browser's API and
cannot initiate this. Now most government institutions do not even allow
JavaScript. It's the policy to disallow any client side code that isn't
approved.

Now, Flash also runs client side code of sorts. Except right now, the
only thing it can touch outside of itself, is the client vars added in
MX. Although, I agree it's still completely safe, Flash is getting to
the point where anything more and security may come into question. So I
can see the government saying, ok it is running client side code, but
it's completely contained within itself. To move forward Flash would
need to access either the browser's API or directly the OS. I think
the more ways Flash has to communicate outside of itself, the more
insecure it will be deemed.

Of course the government overreacts about security. I mean how much
damage can JavaScript really do? But alas, they still don't allow it.

Adam Wayne Lehman
Web Systems Developer
Johns Hopkins Bloomberg School of Public Health
Distance Education Division


-----Original Message-----
From: Jochem van Dieten [mailto:[EMAIL PROTECTED] 
Sent: Friday, March 14, 2003 5:04 PM
To: CF-Talk
Subject: Re: Macromedia.Com (The new site?)

Adrocknaphobia Jones wrote:
> 
> But isn't this where the conflict lies? If Flash is to have file
> uploading, it means it would need some way to access the client's disk
> (outside of the cookie-esque system in place). But isn't that where
> security issues would come in to play? Now I would have an application
> (not an inactive HTML form control) that could access my disk. I always
> assumed this is why this functionality was left out of Flash. I would
> almost guarantee that the government would disallow the flash plug-in if
> this was the case.

Does the government disallow browsers? Browsers are applications that
can access the file system :-) Just program Flash to behave according to
the security rules specified in the HTTP and HTML standards. Or make
Flash leverage the file uploading capabilities of browsers in some
clever way through direct API access.

The bottom line is that the government trusts IE, so there is no reason
they should not trust Flash even if the built-in security is half baked
(although I would appreciate it if it was a bit better than what is in
IE).

Jochem

