On Tue, Apr 9, 2013 at 8:18 AM, Russell Warren <[email protected]> wrote:
> When deploying Flex applications on a company intranet, how are people > dealing with IT departments who don't want Flash installed on any corporate > machines for security issues (or whatever excuse they may have)? > > A nice and clean answer would be to have some easily implementable way to > have a global policy that restricts the flash player to only run content > from a whitelisted set of domains (intranet, trusted external sites, etc). > Is this possible? > > This must be fairly common for behind-the-firewall Flex apps, but I'm > unable to find any solutions so far. What are people doing? > > Russ > There are a few decent admin guides for Flash Player available here: [1], [2], [3] These documents also have links to quite a few resources regarding security, sandboxes, settings admin, etc. I think these should help a lot. But I have definitely seen clients who don't want to upgrade Flash Player at a given point for various reasons. The best argument against this would be that newer flash players have important security bug fixes. Here is a security bulletin listing important fixes for FP vulnerabilities [4] Be careful with this argument though, it could cut both ways :-) Thanks, Om [1] http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/devnet/flashplayer/pdfs/flash_player_11_5_admin_guide.pdf [2] http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/devnet/flashplayer/pdfs/flash_player_windows8_admin_guide.pdf [3] http://helpx.adobe.com/flash-player/kb/administration-configure-auto-update-notification.html [4] http://www.adobe.com/support/security/#flashplayer
