• Acetamide@lemmy.world
    link
    fedilink
    arrow-up
    5
    ·
    1 year ago

    As Flash was known for it having more holes than a Swiss cheese, how is Ruffle in terms of security?

    • hitwright@lemmy.world
      link
      fedilink
      English
      arrow-up
      6
      ·
      1 year ago

      To be fair it’s a flash drop in replacement. It isn’t supposed to be secure by design, just like flash.

      • Korne127@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        It is, the whole purpose of Ruffle is to play flash files, but without a security threat (which is the whole reason Flash doesn’t exist anymore).

    • duncesplayed@lemmy.one
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 year ago

      I expect it to fair much better than Flash. 808/1020 (79%) of the CVEs reported against flash were for memory errors (buffer overruns and things) that allowed remote code execution. So, assuming the Ruffle developers haven’t been using “unsafe”, just writing it in Rust immediately removes 80% of the security problems that were with Flash.

      Also, many of the security problems with Flash were deliberate (by design). For example, Flash was designed to send your browser fingerprint to advertising sites. Ruffle obviously doesn’t do that.

    • Korne127@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      It’s running in a sandbox afaik, and the goal is to replace Flash but stay secure. Since it uses Web Assembly, you can’t use Ruffle in any way to create any security threat, you couldn’t create without using Ruffle. (Different to Flash, which created tons of new security threats, even leading to the plugin being disable).