Could AJAX Security Vulnerabilities Mean Good News for Flex?
What interests me the most about these newly exposed vulnerabilities is the potential Flex has to step in as a safer alternative. Although Adobe has thus far been reluctant to market Flex against AJAX (instead, promoting a somewhat Frankensteinian blend of the two), one could imagine that vulnerabilities in AJAX could yield increased market share for Flex apps.
One criticism of the Flash Platform I have heard is that it's considered unsafe by many firewall administrators. The conventional wisdom among security professionals can sometimes be skewed by a lack of understanding of the format. Who would take the time to configure the Flash Player security settings across all machines on their network when they can simply block SWF at the firewall level? If they understood that the Flash Platform is safer than another technology they already commonly allow across the firewall, the decision would be made in a different context.
I don't know if there's an answer for this. I wouldn't want to part with ExternalInterface, despite its problems. My gut feel is that the AJAX vulnerabilities will amount to no big deal. After all, the same principles apply to these 'new' issues as apply to others: don't go poking about the shady back alleys of the web, scrub all data that comes into your system, etc. But I'm interested to see how all this will play out, and I'm interested to hear other people's thoughts on the subject. So, please comment!!!