Disabling local-with-filesystem access in Flash Player 23


With the recent changes in Flash 23 to disable this, but still allow opt-out at the user level, or enable legacy mode at the system level via the mms.cfg EnableInsecureLocalWithFileSystem=1 setting, I'm curious how enforcing the default behavior, and preventing users from trusting files, is done.

 

I tested EnableInsecureLocalWithFileSystem=0, hoping it would prevent users from making changes and trusting content, but this did not appear to work.

 

I thought of creating a master settings.sol file and using it to overwrite the users' settings.sol file, but it feels like a bad idea to override the file since I don't want to step on all of the user's settings/freedoms, just the 1 security-related setting.

 

So, how can the new default behavior be enforced at the system level? Additionally, is there a timeframe for when legacy mode will be removed permanently without a workaround?

That's an interesting suggestion. I'd be happy to nominate it as a feature for a future release. It would make a lot of sense, and aligns with other administrative capabilities like disabling camera/mic access across the organization.

 

We know for a fact that there are a lot of educational materials still in the world that rely on local filesystem or CD-ROM playback (I know... but educational and industrial training videos are long-lived), and we've heard from a lot of folks this week who have been impacted. The goal of flipping the default is to reduce the attack surface. Herd immunity, etc.

 

For what it's worth, at this point, a user would have to actively download a malicious, crafted SWF, add it to the local trusted sandbox, and run it from the local filesystem in order to encounter an attack, and at that point, we pop a permission dialog for each request made by the SWF to a remote server. While nonzero, the remaining attack surface is constrained, and strikes me as a reasonable balance between functionality and security.

 

Microsoft Edge has done away with loading files from the local filesystem. If you attempt it, they'll launch IE for compatibility purposes. I'm curious to see whether this particular feature is a novelty, or if it's a change that will be mirrored across the modern browser space.
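
Since the thread leaves no system-level way to forbid the opt-out, an administrator can at least audit whether the system-wide legacy flag has been switched on. The following is an added example, not part of the original thread and not an Adobe tool. It assumes the usual mms.cfg locations, `#` as the comment marker, case-insensitive key matching, and `1`/`true` as enabling values. It does not cover the per-user trust setting discussed in the thread.

```python
import os

KEY = "enableinsecurelocalwithfilesystem"  # matched case-insensitively (assumption)
# Assumed mms.cfg locations; adjust for the fleet being audited.
MMS_CFG_PATHS = [
    r"C:\Windows\System32\Macromed\Flash\mms.cfg",
    r"C:\Windows\SysWOW64\Macromed\Flash\mms.cfg",
    "/Library/Application Support/Macromedia/mms.cfg",
    "/etc/adobe/mms.cfg",
]
ON, OFF = {"1", "true"}, {"0", "false"}    # assumed boolean spellings


def audit_mms_cfg(text):
    """Classify one mms.cfg body.

    Returns (status, findings): status is 'default' (key absent),
    'explicit-off', 'legacy-enabled', or 'conflicting' (mixed or
    unrecognised values that need a manual look); findings lists
    (line number, value) for every occurrence of the key.
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):   # blank or comment line
            continue
        name, sep, value = line.partition("=")
        if sep and name.strip().lower() == KEY:
            findings.append((lineno, value.strip().lower()))
    values = {v for _, v in findings}
    if not values:
        return "default", findings
    if values <= OFF:
        return "explicit-off", findings
    if values <= ON:
        return "legacy-enabled", findings
    return "conflicting", findings


def audit_host(paths=MMS_CFG_PATHS):
    """Audit every mms.cfg present on this machine; returns {path: status}."""
    report = {}
    for path in paths:
        if os.path.isfile(path):
            with open(path, "rb") as fh:
                body = fh.read().decode("utf-8-sig", errors="replace")
            report[path] = audit_mms_cfg(body)[0]
    return report


if __name__ == "__main__":
    for path, status in audit_host().items():
        print(f"{path}: {status}")
```

A `legacy-enabled` or `conflicting` result is the one to follow up on; `default` and `explicit-off` both mean the system-wide legacy flag is not set.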


