On 7/13/12 1:25 PM, "Bertrand Delacretaz" <bdelacre...@apache.org> wrote:
> On Fri, Jul 13, 2012 at 9:40 PM, Alex Harui <aha...@adobe.com> wrote:
>> On 7/13/12 12:07 PM, "Dave Fisher" <dave2w...@comcast.net> wrote:
>> ....It is optional, only those wishing to create components for Flex via
>> Flash
>> Pro need to use it.
>>
>>> Is there a reasonable way to for a user to validate this FLA?
>> Maybe I don't understand what it means to validate. If you open the FLA in
>> Flash Pro you can see what is in it....
>
> What I meant is: how can a user be assured that that FLA, as binary
> file, won't harm their system or contain a trojan or something like
> that. Any developer who knows the language can check such things on
> source code, whereas it's much harder for binaries - so how about that
> particular file?
>
> (again, I'm clueless about the FLA format - if someone can tell me
> that such files cannot possibly contain bad stuff I'm fine with that).
>
> -Bertrand
I don't think a FLA can harm your system. If you open it in Flash Pro, it
will just sit there. I don't know of any way to have it execute a startup
script (which I don't think is necessarily true for an MS Word file).
I assume we aren't worried about an attack on folks who double-click to open
a file?
Now if you generate the SWF from the FLA file and run it, it could do some
damage, but I assume we expect someone to introspect the project before just
running it?
--
Alex Harui
Flex SDK Team
Adobe Systems, Inc.
http://blogs.adobe.com/aharui
