Flash 10 Security Changes Good and Bad, Mostly Good (Full Screen Input, RTMFP, Clipboard, Local Save and Load)
Flash 10 security changes requiring user interaction are pretty breaking but they are for good reason. Still though, the user could be inundated with prompts much like UAC on Vista. But, it is necessary otherwise security holes can be troublesome with the flash player and the “sandbox” of the web. Much like Java signing, Active-X acceptance, and thus local file access, these actions need some user approval, it is that liability thing.
But what is a bit lost in this is some of the new support specifically for game development and app development.
Support for things like RTMFP which is bringing UDP support to flash. UDP and reliable UDP (ordered) is really needed when it comes to larger scale networking applications and support for p2p apps. Games for instance, that are large like MMOs and highly interactive real-time engines, need UDP to be able to scale. So this is pretty useful, yet it currently looks like it is tied to Flash Media Server. It appears Adobe is staying ahead of SmartFox, Red5 and OpenFMS with stuff like this.
Another great move in the way of security updates for Flash 10 for games is the allowing input from keyboard keys while in full screen mode. All these games and apps look pretty sweet in full screen until you try to use them. There is only support for “Tab, the Spacebar, and the (up, down, left, right) arrow keys” but that is a start. Enough keys for a casual game. But still most keys could safely be used it must be a multi-platform support thing.
Limited full-screen keyboard input
Currently Flash Player does not allow keyboard input when displaying content in full-screen mode. Flash Player 10 beta will change this, allowing for a limited number of keys to be usable in full-screen mode. These include Tab, the Spacebar, and the (up, down, left, right) arrow keys.
Flash 10 is getting local save and load, this is great for any type of online editor, game or application. The ability to work on a file immediately without the server round trip initially is great. I hope this is extended much further to local save and load with very high limits, there has been some confusion on the file size limitations here. Ideally this would be extended much further if the product direction is right. Typically making apps or games with more than 5-25MB of content quickly become non-economical in bandwidth such as gaming assets due to browser cache size limitations (defaults IE=50MB, Safari 5-25MB, FF3=50MB), I wish there was a better way to allow local saving for long periods of time. Almost installing apps via flash with extended cache, talk about killer app feature. Downloading 10 MB of gaming assets that you know will be there for the month rather than the day.
Paste events can read the clipboard. Using the clipboard is another great useful tool in applications and online editors.
Data can be read from the Clipboard inside a paste event handler
In Flash Player 9, the system Clipboard could not be read at any time. With Flash Player 10 beta, the new ActionScript 3.0 method
Clipboard.generalClipboard.getData()may be used to read the contents of the system Clipboard, but only when it is called from within an event handler processing aflash.events.Event.PASTEevent.
So yes, the security user interaction changes do break current features but it also takes this platform a bit more into secure applications and game features from security changes, hopefully these features are extended much further but they are on the right track.
Tags: ACTIONSCRIPT, ACTIONSCRIPT3, AS3, clipboard, FLASH, FLEX, future, GAMEDEV, local, MARKET, network, RTMFP, udp