Adobe Flash Player 7 added several security features. I first became aware of this one when I saw a large number of HTTP 404 errors for a file named ‘crossdomain.xml’ in my web server logs.
If you use Flash on your website, I’d suggest adding an appropriate copy of this file to limit your exposure to some potential security issues.
Restricted domains
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.example.com" />
<allow-access-from domain="example.com" />
</cross-domain-policy>
Open to all domains (not recommended, but fully backward compatible)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*"/>
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>
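To check a deployed policy file for the wildcard grants shown in the second sample, a small audit script helps. This is an added example, not part of the original post; the function name `audit_policy` and the severity labels are assumptions, and the two inputs are the sample policies from above.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs: the two policies shown in this post.
RESTRICTED = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.example.com" />
<allow-access-from domain="example.com" />
</cross-domain-policy>"""

OPEN = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*"/>
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>"""


def audit_policy(xml_bytes):
    """Return (severity, message) findings for one crossdomain.xml (hypothetical helper)."""
    # Intended for your own server's file; use a hardened parser for untrusted XML.
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError as exc:
        return [("error", f"not well-formed XML: {exc}")]
    if root.tag != "cross-domain-policy":
        return [("error", "root element is not <cross-domain-policy>")]
    findings = []
    for el in root.iter("allow-access-from"):
        domain = el.get("domain", "")
        if domain == "*":
            findings.append(("high", "allow-access-from grants every domain"))
        elif domain.startswith("*."):
            findings.append(("info", f"all subdomains of {domain[2:]} are trusted"))
    for el in root.iter("allow-http-request-headers-from"):
        domain, headers = el.get("domain", ""), el.get("headers", "")
        if domain == "*" and headers == "*":
            findings.append(("high", "any domain may send any request header"))
        elif "*" in (domain, headers):
            findings.append(("medium", f"wildcard header grant: {domain} / {headers}"))
    return findings


if __name__ == "__main__":
    for name, policy in (("restricted", RESTRICTED), ("open", OPEN)):
        for severity, message in audit_policy(policy):
            print(f"{name}: [{severity}] {message}")
```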
Due to various security models, it can be difficult to create a simple way to copy data from a browser application into the OS’s “clipboard” with simple JavaScript. There are several libraries out there to assist in making this work across various platforms; most utilize Flash.
Here are a few notable methods:
Flash objects often interfere with the layering in your DHTML applications and appear above other elements in the stacking order; standard CSS and HTML solutions do not have any impact. Fortunately, there is a simple solution to this ‘problem’ that’s been supported in all common browsers since MSIE4.
On <object>
<param name="wmode" value="transparent" />
In <embed ... wmode="transparent" >
Now that HTML5 support has grown, and Apple continues to resist Flash on their iOS devices, it may be advantageous to make use of the newer markup standard in your web applications.
There are currently three separate methods to convert your Flash applications:
If you’ve been online at all in the last decade, you’ve heard of the “dangers” of HTTP Cookies. More nefarious and harder to remove are Flash Cookies, as they are handled by a plugin/extension/add-on to the browser and exist outside of the normal security settings.
To see or delete Flash data, you’ve got to visit the following URL:
http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html
You will probably be surprised to see many of the sites listed, as Flash is often being used to present you with ads in addition to the interactive elements that you might expect.
I was recently working on a website that had a black/dark background and while the typical suite of browsers that I test with seemed fine, Safari showed an annoying white flash when the page was loading.
Some research into this led to a startling discovery, as I personally consider this a bug in the Safari browser’s rendering. It’s often referred to as FOUC (Flash of Unstyled Content). There are several methods that I’ve seen; most employ JavaScript or ordering of CSS files to hide the <body> prior to the page completely loading.
The simplest fix, while not elegant, is to add an explicit ‘style’ attribute on the <html> tag.
<html style="background-color:black;">
I’ve found that a large percentage of Internet users don’t realize just how they are being tracked on a website. Most people are aware of HTTP Cookies, but very few realize that browser plugin technologies like Adobe Flash also maintain data about a user’s activities. Worse yet, while HTTP Cookies are limited to 4k, Flash can store up to 100k per website.
Clearing of standard HTTP cookies is relatively easy to do in mainstream browsers. However, while Flash is almost ubiquitous, its settings are not easy to locate… in fact you cannot even find them in your browser or computer settings, you have to visit a website!
When you visit this link you will first see the sites and amount of data they have stored about you:
http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager06.html
Secondly, if you look on the other tabs or follow the next link you’ll be able to control Flash access to your microphone and webcam (provided that you have them connected).
http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager02.html
Other tabs will allow you to control various settings related to updates and global security settings. Documentation is provided for each tab, so it should be relatively easy for you to decide which configuration you prefer in each case.
FYI – I can see some real potential for misuse of these settings if they could be altered externally by a motivated hacker.
Cheers!