Adobe, please give us a solution, we need our application today or our business cannot continue.
We know about the danger of using Flashplayer but it's our own application, we use separate computers just for this.
At least give us an old version that doesn't block our own content.
What has your business been doing for the last 3 years after the death of Flash was announced? This is very sad.
Have a look in the Adobe Admin Guide:
You can place a config file on your system where you can enable your company internals Flash application sites.
E.g. under Linux:
I hope that helps.
That's even worse. You have a business built on technology and you have done nothing as a company during the 3 years you had to make, buy or upgrade to software that does not require Flash Player. You may indeed go out of business, and that is a pity.
We did try to build it with HTML5 twice, losing a lot of money, our Flash application is big and robust.
Now we have a new team of 10 members helping us creating the new one, but it'll take another year to complete.
You cannot compare JS frameworks to Flex framework, the difference significant if you have been working on bigger projects.
In addition to the Admin guide linked below, I recommend reviewing this industry guide for "Enterprise enablement" preferences and other considerations you should review:
Thanks for the answers but somehow it doesn't read the config file /etc/adobe/mms.cfg.
I see no logs or changes.
Latest Flashplayer for Linux 64bit
I tried to reproduce this on Friday, but wasn't having a lot of luck installing Flash Player via the standard package manager. It looks like I'll have to do it manually from our generic package, and I ran out of time to mess with it.
My suspicion is that you need to set permissions on mms.cfg or the parent folder such that they're readable by the Flash Player process.
Also, Firefox 84 drops support for Flash Player. If you want to continue to get security updates for your browser, you'll want to move to the latest Firefox ESR (Extended Support Release), which will buy you a few more months of Flash support in a browser version that still gets security updates. At that point, you really want to be migrated off, or you're going to be stuck running unpatched browsers in order to keep browser plug-in support.
Were you guys able to work around this? I'm hoping the permission tip got you on the right path. I got hung up trying to coax the ubuntu package manager into doing what I wanted and realized that I hadn't gotten back to it.
If you're still stuck, I'm happy to dig into it tomorrow.
If you're on Linux and have a system version of Flash Player installed, there are some simple hacks you can do to get it running in a browser by circumventing the timebomb. This is obviously massively insecure, so I wouldn't use this trick for random Flash executables, only with your own software you created and only as a stop-gap as you work to rewrite it.
There's a package called faketime (https://packages.ubuntu.com/xenial/utils/faketime) which will let you pass whatever time you want to a process you start with it; install with sudo apt install faketime. Then you can download a separate browser to use just with your Flash apps; Pale Moon version 28.16.0 works for sure (https://linux.palemoon.org/) and can be run from a folder without an install. Then simply start the browser using faketime: faketime '2020-12-03 08:15:42' ~/Desktop/palemoon/palemoon
And from there make sure you deny any updates to Flash or the browser you're using, just to make sure it will keep going. Again all this is massively insecure so you should only be using the browser to access apps you wrote yourself as you work to migrate off Flash.
If you can use mms.cfg with Enteprise Enablement, that's way better.
The worry that we're really trying to address is the scenario when (because it's when, not if) the malware/ransomware guys find an 0-day in Flash a year or two down the road, and they start pumping out malicious banner ads to cause widespread damage on users that never update.
By limiting that unmaintained Flash Player to loading just stuff that you trust, you're making it much harder for an attacker to deploy malicious content that would actually run. By defeating the time-bomb, you're setting the player to load everything from the open web. An unmaintained Flash Player is not suitable for browsing the open web. That's just misery waiting to happen.
Given that I don't have a better solution in-hand, I don't hate this recommendation (the latest Firefox ESR still supports Flash and is probably a better choice from a browser-security perspective), but please be smart and mitigate your risk. If your configuration doesn't need to browse the web, take measures to ensure that it can't (force Firefox through a local proxy that limits access to your network, use clever routing rules, etc.).
Writing the "sorry you got hacked, nuke your computer, change all your passwords and lock down your credit file" posts are always depressing, especially when it's avoidable.