the flash app is potentially dangerous application. so is its data. only data retrieved from the server is trusted (as long as i trust the site url). in other words, the site gives trusted data and untrusted apps (like flash, javascript or java applets), untrusted apps can produce only untrusted data. (for example i could write an app that will make jpg with broken structure that will cause buffer-overflow and eventually virus injection - if i upload/download this broken image via server I at least could blame the site owner)
anyway, you could use Adobe Air for such kind of things :) > I think I'm mostly with you on this one - the situation we have now is ridiculous - flash and flex developers routinely getting around the sandbox using what effectively are workarounds using other technology to implement file-saving. > > I can understand why the sandbox is there and why Adobe might be reluctant to give way on the file-saving issue - the last thing we need is to have the flash player dubbed as some unsafe platform. It may be that the real problem is not a technical objection but a political one - to save the player from adverse publicity. > > If the file save feature were to be allowed, it would always have to be interactive, though perhaps the dialog could be allowed to save several files in one go and we could also perhaps live with it only saving certain file types (or issue dire warnings about writing some others such as .bat or .exe files). > > Inevitably some users will always just say 'yes' to giving permission to write, simply because they aren't that savvy about OS technicalities. I wonder if there could be a mini-sandbox that would protect the user from malicious code trying to write to OS sensitive areas? > > For 90% of the use-cases for writing files, I think restricting writing to graphics file types and perhaps xml and non-executable files would make developers more than happy.
