Can you provide more details on the security flaws and what you think the right approach is (but no details on your dreams about me, please...)
Alex Harui Flex SDK Developer Adobe Systems Inc.<http://www.adobe.com/> Blog: http://blogs.adobe.com/aharui From: flexcoders@yahoogroups.com [mailto:flexcod...@yahoogroups.com] On Behalf Of Gregor Kiddie Sent: Thursday, May 07, 2009 12:20 AM To: flexcoders@yahoogroups.com Subject: RE: [flexcoders] Are you using the Marshall Plan? Seeing as no-one else has replied to you yet Matt... *Disclaimer, its well known that I dislike the Marshall Plan, so feel free to dollop large amounts of healthy skepticism on my words* We do not use the Marshall plan, though we have a business case where we may have to satisfy similar conditions. * The overhead in terms of architecture that the plan demands means it's easier to bring a module built with an older version of the SDK upto the latest version than it is to rewrite it to fit into how the plan works. * I still think there are issues when sending events containing data of a type the receiving app doesn't have in it's SDK (Vectors for example). * Lastly, the security considerations are still arbitrary. It still doesn't stop man-in-the-middle attacks, it just pushes them further up the food chain (meaning that the host swf becomes the target of the attack rather than a sub app) I understand that Adobe have a healthy paranoia about security concerns. If I had my software running on 90+% of all the machines in the world, I would too! However, in my opinion, this is still the wrong approach. Oh and describing my dreams involving Alex would probably get me banned from this list and / or a court order ;) Gk. Gregor Kiddie Senior Developer INPS Tel: 01382 564343 Registered address: The Bread Factory, 1a Broughton Street, London SW8 3QJ Registered Number: 1788577 Registered in the UK Visit our Internet Web site at www.inps.co.uk<blocked::http://www.inps.co.uk/> The information in this internet email is confidential and is intended solely for the addressee. Access, copying or re-use of information in it by anyone else is not authorised. Any views or opinions presented are solely those of the author and do not necessarily represent those of INPS or any of its affiliates. If you are not the intended recipient please contact is.helpd...@inps.co.uk ________________________________ From: flexcoders@yahoogroups.com [mailto:flexcod...@yahoogroups.com] On Behalf Of Matt Chotin Sent: 06 May 2009 19:24 To: flexcoders@yahoogroups.com Subject: [flexcoders] Are you using the Marshall Plan? Are you building apps in a modular fashion where those modules need to support different Flex versions? Do you have nightmares where Alex is explaining SecurityDomains and ApplicationDomains and SWFLoader.loadForCompatibility? Please let me know (email me at mcho...@adobe.com<mailto:mchotin%40adobe.com>), we're trying to evaluate some pain points and whether I need to bribe the Player team to solve them ASAP or if it can wait a release. Matt