I think java has resolved the security issue by introducing signed
applets that must ask for extra permissions.
And these settings can be saved for future reference.
Maybe flash could do the same.
- rami
On 17.8.2010 0:57, Raju Bitter wrote:
https://bugs.adobe.com/jira/browse/FP-2112
"The security concern is that it easy for attackers to spoof native
UIs (e.g. fake the Windows 'screen locked' or UAC prompts and steal
user's info)and attempt to collect passwords. We would of course like
to turn keyboard support on, and we continue to investigate how we
could do so while protecting end users.
AIR is a different security model. You are downloading an application,
and there is a different understanding/expectation from in-browser.
Emmy
Group Product Manager, Adobe Flash Player"
https://bugs.adobe.com/jira/browse/FP-409
On Mon, Aug 16, 2010 at 11:34 PM, Rami Ojares<[email protected]> wrote:
On 17.8.2010 0:21, Henry Minsky wrote:
Another issue is the strange restriction that all text input is disabled
in fullscreen mode.
What is the purpose of that?
It makes the fullscreen mode useless in the context of an application.
I would bet that is a security precaution, to prevent spoofing the
computer's desktop or something.
If someone is foolish enough that he can't tell the difference of his
functional desktop and some mockup version of a desktop
and starts writing his bank account passwords to some input boxes on his
desktop then I think he deserves to be robbed.
Surely flash can not emulate the desktop experience. Can it even do screen
capture?
And from what I understand now flash can even read the filesystem.
So some people at Adobe are either highly paranoid or there is something
fishy going on in here.
- rami
