Package legacy Flex app in AIR

Report · Jun 06, 2018

Hi,

In my company we have different products developed in Flex through many years, currently the SWF files are served from a Web service and users run them in a browser.

In order to guarantee a way to keep using them after 2020 we're considering using AIR. In the meantime we will consider rewriting with Web Standards.

The approach that is working for now is an AIR app that loads the SWF (using HTMLLoader).

This can work as long as the AIR version is before 22.0 where the Flash Player plugin is "embedded" in the captive runtime bundle.

After that version the Flash player plugin used is the one installed on the system.

What happens after 2020 when I guess it will be not possible to install the Flash Player on the system ?

If we "freeze" the standalone AIR app with the Flash Player plugin embedded do we need to concern with security vulnerabilities fixed after version 22 ?

Last question is more about AIR, is it possible to run the debugger Flash Player plugin in AIR ?

Thanks

P.s: I'm writing here and not on AIR forum cause I found this very similar discussion on this forum:

https://forums.adobe.com/message/9753600#9753600

Report · Jun 06, 2018

Personally, I think you'd be better off just providing a virtualized environment (e.g. Citrix) with the prerequisites required to maintain the availability of your legacy application. This would give you an easy path forward, while keeping your engineering resources free to migrate the application to modern web standards.

Report · Jun 07, 2018

Hi Jeromie,

thanks for answering.

In case we decide to go for a virtualized environment I guess it will be like freezing an OS and avoid any system update, browsers update and keep a specific version of Flash Player installed. Am I right ?

Is this a common approach companies with legacy Flash apps are taking while waiting for rewriting the code to Web Standards ?

Does it mean we will not be getting OS, browser or Flash security updates ? Maybe it's less problematic if we have full control on the virtualized environment but just wondering.

Bye

Report · Jun 07, 2018

Think of it more like this:

You take a snapshot of a clean machine that has all of the prerequisites necessary to run your legacy application.
Your clients run modern operating systems with secure configurations.
When your clients want to use the legacy application
- They use a client utility similar to remote desktop, which connects to a server instance
- The server spins up a clean instance of that snapshot, for the purpose of using that application
- When the user is done, the virtual instance goes away

The legacy machine configuration never hits the open web, and it doesn't persist indefinitely, so your risk of infection is minimized. At the same time, your actual client machines are running modern, updated software.

When you get down into the specifics, there are a bunch of ways to approach this (app containers, vms, etc), but that's the high-level idea. Companies like Citrix, VMware and Microsoft all have solutions for these kinds of problems. I'm sure there are other players too, but I'm not deep into this space. Someone currently practicing system administration professionally would be a better source for advice.

Adobe Community

Package legacy Flex app in AIR