Roger, Fair enough, and I appreciate your spelling out the argument -- obviously if this is a potential security hole, you can't affort to leave it open. But since the stakes are fairly high for some of your customers, I hope you agree it's at least worth investigating whether the security issues are in fact covered.
On the other front, I'm eager for your thoughts on how an FP8 facade can do the trick. Ted Patrick has a promising idea about using Loader.loadBytes() to synthesize an uncompressed FP8 facade SWF whose bytecode is dynamically tweaked to embed a local connection ID in its timeline script. That's actually the only suggestion I've heard yet that would actually solve the problem, assuming it doesn't run into some kind of sandbox issue or other unexpected player snafu. Got any other ideas, Roger? All gross workarounds are welcome at the moment if they actually work -- after all, LocalConnections and synthetic SWFs ain't exactly pretty. ... . . . . j Roger Gonzalez wrote: > I hear you, but I haven't had time to think through your use case enough > to convince myself that there isn't any way that by writing a FP8 facade > that you couldn't do the multiplexing you need on the other side of the > wall. You might be right. Not arguing on that basis. (Well, actually, > you could probably implement a TCP/IP stack using the existence/absence > of a hidden child graphic on the visual stack as your communications > mechanism, so I am ever-so-slightly arguing that I bet there's a > workaround, even if its gross.) > > I suspect that one of the big issues with supporting your request is > simply that the current cross-VM communications might allow one to > circumvent aspects of VM security. It might not, but fundamentally > unless we can find the manpower to test it (and the testing matrix here > is HUGE), its a question mark, and we can't ship with an open security > question mark, because they bite you later. > > All features need to go through a full security audit, and need to be > specced out such that we believe they will remain stable. Having > anything indeterminate or flaky or with odd side effects is simply > unacceptable, because we have an obligation to never, ever break old > SWFs. There's no such thing as "temporary". > > Given a choice between features and stability, we have to choose > stability. > > -rg > > >>-----Original Message----- >>From: flexcoders@yahoogroups.com >>[mailto:[EMAIL PROTECTED] On Behalf Of Joe Berkovitz >>Sent: Friday, February 10, 2006 7:23 AM >>To: flexcoders@yahoogroups.com >>Subject: Re: [flexcoders] embed a movieclip >> >>Roger, >> >>I just want to point out again that LocalConnection doesn't quite cut >>it, because it means you have to pass some sort of unique >>connection ID >>into an FP8 movie in order to distinguish it from other >>loaded instances >>of the same movie. The only sanctioned way to do this is via a URL >>parameter, which defeats browser caching. So we'd wind up >>performing a >>separate HTTP request for every loaded instance of the same >>FP8 movie. >>That's not going to work. And using a proxy just squeezes >>the caching >>problem into a different part of the balloon. >> >>This may sound a bit pedantic, but it's not an arcane use >>case -- it's a >>serious problem that will hold us back from launching on Flex 2 until >>Flash plays catch-up. >> >>It's not about falling in love with the limited getter/setter >>communication into FP8 movies. There's nothing much there to >>love; it >>looks to me like a false start at AVM interop that was cut >>off after it >>ran into trouble. It's just that a) it does work in its limited way, >>and b) it provides a way out of the corner that Adobe has painted us >>into with the Flex/Flash release schedule. If Adobe can commit to >>keeping it alive in its current form until Flash 9 comes out, >>that would >> solve a lot of problems. And it would shut me up. On this topic, >>anyway :) >> >>... . . . . j >> >> >>Roger Gonzalez wrote: >> >>>LocalConnection, probably with a FP8-built proxy if you >> >>didn't design >> >>>the FP8 movie for it ahead of time. >>> >>>There are limitations, but its the only safe approach I >> >>know of at the >> >>>moment. >>> >>>-rg >>> >>> >> >>-------------------------------------------------------------- >>---------- >> >>> *From:* flexcoders@yahoogroups.com >>> [mailto:[EMAIL PROTECTED] *On Behalf Of >> >>*Jason Y. Kwong >> >>> *Sent:* Thursday, February 09, 2006 3:54 PM >>> *To:* flexcoders@yahoogroups.com >>> *Subject:* Re: [flexcoders] embed a movieclip >>> >>> No, no love here. However, it does bring up the >> >>question: What are >> >>> our options if we want to be able to script a Flash 8 >> >>swf inside a >> >>> Flex2 app? >>> >>> On 2/9/06, *Roger Gonzalez* <[EMAIL PROTECTED] >>> <mailto:[EMAIL PROTECTED]>> wrote: >>> >>> Um, so don't fall in love with any of this. >>> >>> Just sayin'. >>> >>> -rg >>> >>> >>> >>> -- >>> Flexcoders Mailing List >>> FAQ: >> >>http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt >> >>> Search Archives: >>> http://www.mail-archive.com/flexcoders%40yahoogroups.com >>> >>> >>> >>> SPONSORED LINKS >>> Web site design development >>> >> >><http://groups.yahoo.com/gads?t=ms&k=Web+site+design+developme >>nt&w1=Web+site+design+development&w2=Computer+software+develop >>ment&w3=Software+design+and+development&w4=Macromedia+flex&w5= > > Software+development+best+practice&c=5&s=166> > &.sig=L-4QTvxB_quFDtMyhrQaHQ> > >>> Computer software development >>> >> >><http://groups.yahoo.com/gads?t=ms&k=Computer+software+develop >>ment&w1=Web+site+design+development&w2=Computer+software+devel > > opment&w3=Software+design+and+development&w4=Macromedia+flex&w5> > =Software+development+best+practice&c=5&s=166&.sig=lvQjSRfQDfW > udJSe1lLjHw> > >>> Software design and development >>> >> >><http://groups.yahoo.com/gads?t=ms&k=Software+design+and+devel > > opment&w1=Web+site+design+development&w2> > =Computer+software+development&w3=Software+design+and+developm > ent&w4=Macromedia+flex&w5=Software+development+best+practice&c=5> > &s=166&.sig=1pMBCdo3DsJbuU9AEmO1oQ> > >>> Macromedia flex >>> >> >><http://groups.yahoo.com/gads?t=ms&k=Macromedia+flex&w1=Web+si > > te+design+development&w2=Computer+software+development&w3> > =Software+design+and+development&w4=Macromedia+flex&w5=Softwar > e+development+best+practice&c=5&s=166&.sig=OO6nPIrz7> _EpZI36cYzBjw> > >>> Software development best practice >>> >> >><http://groups.yahoo.com/gads?t=ms&k=Software+development+best > > +practice&w1=Web+site+design+development&w2> > =Computer+software+development&w3=Software+design+and+developm > ent&w4=Macromedia+flex&w5=Software+development+best+practice&c=5> > &s=166&.sig=f89quyyulIDsnABLD6IXIw> > >>> >>> >>> >> >>-------------------------------------------------------------- >>---------- >> >>> YAHOO! GROUPS LINKS >>> >>> * Visit your group "flexcoders >>> <http://groups.yahoo.com/group/flexcoders>" on the web. >>> >>> * To unsubscribe from this group, send an email to: >>> [EMAIL PROTECTED] >>> >> >><mailto:[EMAIL PROTECTED]> >> >>> >>> * Your use of Yahoo! Groups is subject to the >> >>Yahoo! Terms of >> >>> Service <http://docs.yahoo.com/info/terms/>. >>> >>> >>> >> >>-------------------------------------------------------------- >>---------- >> >> >>-- >>Flexcoders Mailing List >>FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt >>Search Archives: >>http://www.mail-archive.com/flexcoders%40yahoogroups.com >>Yahoo! Groups Links >> >> >> >> >> >> >> > > > > -- > Flexcoders Mailing List > FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt > Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com > Yahoo! Groups Links > > > > > > > > > > -- Flexcoders Mailing List FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/flexcoders/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
