In my company we have different products developed in Flex through many years, currently the SWF files are served from a Web service and users run them in a browser.
In order to guarantee a way to keep using them after 2020 we're considering using AIR. In the meantime we will consider rewriting with Web Standards.
The approach that is working for now is an AIR app that loads the SWF (using HTMLLoader).
This can work as long as the AIR version is before 22.0 where the Flash Player plugin is "embedded" in the captive runtime bundle.
After that version the Flash player plugin used is the one installed on the system.
What happens after 2020 when I guess it will be not possible to install the Flash Player on the system ?
If we "freeze" the standalone AIR app with the Flash Player plugin embedded do we need to concern with security vulnerabilities fixed after version 22 ?
Last question is more about AIR, is it possible to run the debugger Flash Player plugin in AIR ?
P.s: I'm writing here and not on AIR forum cause I found this very similar discussion on this forum:
Personally, I think you'd be better off just providing a virtualized environment (e.g. Citrix) with the prerequisites required to maintain the availability of your legacy application. This would give you an easy path forward, while keeping your engineering resources free to migrate the application to modern web standards.
thanks for answering.
In case we decide to go for a virtualized environment I guess it will be like freezing an OS and avoid any system update, browsers update and keep a specific version of Flash Player installed. Am I right ?
Is this a common approach companies with legacy Flash apps are taking while waiting for rewriting the code to Web Standards ?
Does it mean we will not be getting OS, browser or Flash security updates ? Maybe it's less problematic if we have full control on the virtualized environment but just wondering.
Think of it more like this:
The legacy machine configuration never hits the open web, and it doesn't persist indefinitely, so your risk of infection is minimized. At the same time, your actual client machines are running modern, updated software.
When you get down into the specifics, there are a bunch of ways to approach this (app containers, vms, etc), but that's the high-level idea. Companies like Citrix, VMware and Microsoft all have solutions for these kinds of problems. I'm sure there are other players too, but I'm not deep into this space. Someone currently practicing system administration professionally would be a better source for advice.