So what do you think of the new Local File Security sandbox in Flash Player 8?

We have been getting a lot of contact from users confused about the new Local File Security Sandbox in Flash Player 8.

Understandably, they tend not to be pleased that hosted SWFs can no longer load data from the clients’lLocal system. My thought is that his is a good thing. It reduces the likely hood a that someone intended on identity theft or just spamming you to no end, would be able to read a file they happen to know the path to on the client machine and send its contents to a server over the internet without the user being aware of it.

Also users have been, against our recommendation, distributing SWFs (not projectors) through email so much that I would say it was a good idea to support standalone SWFs in Flash 8. While this concept is convenient it does exposes less tech savy end users to some risks. The new LFS security restrictions allow users to distribute SWFs with the least risk to the end user.

It would seem that some developers have created some clever applications that took advantage of Player 7 less restrictive nature and now that their content is broken they are looking for solutions.

I can say that only safe thing you can do is to request the user download or install some SWF to run from the end users’ local machine. That can either be your main application that then talks to your server or some “utilityâ€? SWF that can be used to perform tasks on behalf of the hosted SWF. (Be sure to check the DevNet article about Player 8 Security)

This is going to require some additional development work, or some forethought before publishing, regardless of if you have an application that requires a hybrid local and network access, or if you just want to email your friends a SWF that loads your vacation picture slide show.

I tend to think security is more important then convenience so long as it does not go overboard, but everyone has a difference of opinion of what overboard is.

I would like to hear yours.

Is it more important to have convenience and ease of use (end user beware) or strong security (with all the hassles that come with it)?