Adobe's Flash security too dense… for Adobe?

OK, I’m not sure how or why this is happening, but I’m now seeing Security Sandbox errors in my debug player whenever I *launch* CS4′s Flash IDE:

*** Security Sandbox Violation ***
SecurityDomain 'http://www.adobe.com/startpage/fl.swf?&lvl=1&ver=10.0.0&plat=mac〈=en&stat=full&spfx=PF' tried to access incompatible context 'file:///Masuimi%20Mac/Users/radley/Library/Application%20Support/
Adobe/Flash%20CS4/en/Configuration/StartPage/StartPage.swf'

So what’s this error? This is for the welcome menu that appears when you launch Flash.

Instead of being part of the actual application, Adobe uses a server-based swf file for the welcome screen. They probably do this so they can roll out timely information updates and promos (like “Take a feature tour” above).

The good news is that it doesn’t crash Flash. The neutral news is that I quickly max out on 100 Security warnings in my debug window. The bad news is Adobe is demonstrating to Flash developers that even Adobe’s internal development team doesn’t get what’s going on with Adobe’s obtuse security plan.

Flash security has changed *dramatically* in the past year for good reason. But those changes are clearly not documented and propagated effectively. Just by putting together this rant article I’ve discovered three more random articles on Flash security. Out in the real world, I’m seeing Flash Security Sandbox Violations pop-up all over the place, most commonly in embedded videos from YouTube and Vimeo (which I have many embedded on vj.tv).

I certainly didn’t expect to see this issue within Flash itself. I think whoever is directing Adobe’s Flash/Flex program needs to take a step back and rethink their overall communication strategy.

Leave a Comment

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code class="" title="" data-url=""> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> <pre class="" title="" data-url=""> <span class="" title="" data-url="">