incubator-flex-dev mailing list archives

From Alex Harui <>
Subject Re: [VOTE] Release Apache Flex 4.8.0 - RC3 - build number 1359417 (and Flex has been trademark signed off by Adobe for donation to Apache)
Date Fri, 13 Jul 2012 20:59:20 GMT

On 7/13/12 1:25 PM, "Bertrand Delacretaz" <> wrote:

> On Fri, Jul 13, 2012 at 9:40 PM, Alex Harui <> wrote:
>> On 7/13/12 12:07 PM, "Dave Fisher" <> wrote:
>> ....It is optional, only those wishing to create components for Flex via
>> Flash Pro need to use it.
>>> Is there a reasonable way for a user to validate this FLA?
>> Maybe I don't understand what it means to validate.  If you open the FLA in
>> Flash Pro you can see what is in it....
> What I meant is: how can a user be assured that that FLA, as binary
> file, won't harm their system or contain a trojan or something like
> that. Any developer who knows the language can check such things on
> source code, whereas it's much harder for binaries - so how about that
> particular file?
> (again, I'm clueless about the FLA format - if someone can tell me
> that such files cannot possibly contain bad stuff I'm fine with that).
> -Bertrand

I don't think a FLA can harm your system.  If you open it in Flash Pro, it
will just sit there.  I don't know of any way to have it execute a startup
script (which I don't think is necessarily true for an MS Word file).

I assume we aren't worried about an attack on folks who double-click to open
a file?

Now if you generate the SWF from the FLA file and run it, it could do some
damage, but I assume we expect someone to introspect the project before just
running it?

Alex Harui
Flex SDK Team
Adobe Systems, Inc.
