If you have missed it : A Note for Testing SCORM conformance of a Flash Content in ADL Test Suit

One of my friends a newbie in Flash –Scorm development, told me about an issue that he had downloaded the flash scorm demonstrator but it failed in his testing which was done using ADL Test suit 1.2.7 , even though the simulation that was downloaded along with the file from the ADL site showed clearly the communication being done between the demonstrator swf and the Test Suit. I am posting the the following for those who have faced a similar problem and have happened to miss the points regarding Flash Player sandbox security issues specially those using a Flash Player 8.plug-in in there browser. There are some who are in Flash – SCORM development, and had faced the problem that while using either FSScorm template (for swf files published with Flash Player 7 or lower but running in Flash Player 8 or higher version ) or the External Interface API (for swf files published and viewed in Flash Player 8 or higher ) that using ADL Test Suit , data communication is not being made in the testing run time environment and they see a pop-up security alert saying that the swf is trying to access an intenet enabled location or a similar message.

flash player security alert

 This is actually due to the new security model introduced since Flash Player version 8, where you can now find two options – Local Playback and Network Playback security. So for older versions of swf files this was not the case, and therefore the communication was not possible in the ADL Test suit runtime in the higher version of Player starting from version 8. The result is the developer at the first instance is not able to test his/her Flash content that depends on Flash JavaScript communication for SCORM conformance in the test suit.

Developers like Josh have raised this issue in ADL forums: http://www.adlnet.org/forums/messageview.cfm?threadid=2311&catid=70&messid=92480&forumid=2

“My concern about the new security model is more based on the fact that I cannot test my SCORM courses for compliancy using the SCORM conformance test suite. I have a Flash course that communicates to the API wrapper using the Flash/Javascript Integration Kit. The Test Suite requires that it test a course that is running on the local file system, which is now restricted by Macromedia from making Javascript calls from Flash. When my course is running on a server, I can make all the JS to Flash calls I need, but if the course is running from the file system, I can’t make any if I use the Flash 8 plugin. So, I’m stuck in a cyclical bind where my courses work from a server, but I can’t test them in the Test Suite to verify that they are conformant.”

The workaround to it is not difficult and the clue to it is already there in the Flash Player sandbox security settings. A typical approach for this is to tweak your Flash Player security settings using the Settings Manager . The end user has to use the Settings Manager to set local file security to “Always Allow” and they have to add the path to the file as a trusted path. The default is ‘always ask’. Change that to ‘Always Allow’.Then add the path to your local content to the trusted locations. For example, if your content is on a CD-ROM then you’d add the path to the CD (for example, “G:/”) or any other Local Hard drive. Doing these two things is essentially enabling a local Trust File. Settings manager then writes the trust file settings for you, to the #SharedObjects (this data is obfuscated so nobody can crack it) But this process is for them who have their system connected to internet , as Settings Manager is not available offline. Those who does not have a internet connection must follow any of the following methods:

You can create a trust file in C:\Documents and Settings\\Application Data\Macromedia\Flash Player\#Security\FlashPlayerTrust. The name of the file can be whatever you want. The only minimum thing in the file is one line of text that’s the path you want to trust. Additional paths can be one per line. Do this if you just want to set up trust for one unique user account on that machine.

OR

You can create a trust file in C:\WINDOWS\system32\Macromed\Flash\FlashPlayerTrust. The only minimum thing in the file is one line of text that’s the path you want to trust. Additional paths can be one per line. This sets it for all the users on this machine. The catch here is that you have to be an admin on the machine to create this trust file.

For a more detailed guide on setting up a trust file follow the tech-note at Adobe site : http://www.adobe.com/go/1165eb90  

For Flash Player 9 settings follow: Adobe Flash Player 9 Security Whitepaper at www.adobe.com/devnet/flashplayer/articles/flash_player_9_security.pdf 

To set up a trust file in Linux based system for Flash Player 9 follow the steps provided in Abdul’s site here: http://www.abdulqabiz.com/blog/archives/flash_and_actionscript/flash_player_trust_f.php  

Advertisements

2 thoughts on “If you have missed it : A Note for Testing SCORM conformance of a Flash Content in ADL Test Suit

  1. “The catch here is that you have to be an admin on the machine to create this trust file.”

    AFAIR you can set this also per user (C:/Docs and Settings/USER/…).

  2. I have no idea what SCORM or ADL is, but am I reading this correctly?

    Does this mean that if you’re using External Interface and you try to view the content locally, instead of online, then scripting in/out of Flash with JavaScript via the external interface doesn’t work unless you manually tweak the browsers or the Flash players security settings ?

Comments are closed.