Opera deletes Flash security settings when I "clear browsing data" and yes, IT IS an Opera problem

utfo

utfo last edited by

I set Flash security settings on this adobe page :

http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html

These settings are reset to default when I "clear browsing data".

This is a security flaw that I first reported back when Opera 32 stable was released. It still hasn't been fixed in Opera 34 stable.

It only happens if you have checked "Delete cookies and other site data" under "Clear browsing data".

It's ridiculous that if you want to delete cookies, you also reset Flash security settings. And how many people even know that they reset their Flash security settings when they deleted cookies?

It's an Opera problem. The Flash settings are stored in a file named settings.sol which is buried deep in the Pepper Flash folder. There's no reason for Opera to do anything to this file.

Beware.

blackbird71

blackbird71 last edited by

...
The Flash settings are stored in a file named settings.sol which is buried deep in the Pepper Flash folder. There's no reason for Opera to do anything to this file.
...

Unless, of course, one is clearing out all the specific site-visited Flash-Cookie 'settings.sol' files in that folder and any of its subfolders in order to "delete cookies and other browsing data", which would wipe out the primary Flash 'settings.sol' file as well.

utfo

utfo last edited by

Unless, of course, one is clearing out all the specific site-visited Flash-Cookie 'settings.sol' files in that folder and any of its subfolders in order to "delete cookies and other browsing data", which would wipe out the primary Flash 'settings.sol' file as well.

Which shouldn't happen. Deleting cookies shouldn't reset Flash security settings.

leocg

leocg Moderator Volunteer last edited by

I've just checked with Vivaldi and it does the same. So either a Chromium issue or a Flash one.

blackbird71

blackbird71 last edited by

  Unless, of course, one is clearing out all the specific site-visited Flash-Cookie 'settings.sol' files in that folder and any of its subfolders in order to "delete cookies and other browsing data", which would wipe out the primary Flash 'settings.sol' file as well.

Which shouldn't happen. Deleting cookies shouldn't reset Flash security settings.

By design, PPAPI Flash doesn't have an ability to see normal system files; instead, it can only see a few special Flash/browser-related files in its own little sandbox. PPAPI Flash's settings can be adjusted when a browser visits the appropriate Adobe website and are saved on a computer in a settings.sol 'Flash cookie' file, just like any other Flash cookie (all of which are called settings.sol, each being placed in a subfolder named by the originating website URL so the right cookie can be called up by Flash whenever the associated URL is visited). Since there is no guarantee what URL Adobe will use for its Flash settings panel in some future day, in all practicality, the Flash URL can't be hard-coded into a browser to 'skip' deleting its 'cookie' when all the other Flash cookies are deleted by a user for privacy protection. What would you suggest a browser do under those circumstance?

burnout426

burnout426 Volunteer last edited by

For one, the Clear Browsing Data dialog/page should have a separate checkbox for flash if flash is detected. It shouldn't be lumped in with the delete cookies choice.

Since there is no guarantee what URL Adobe will use for its Flash settings panel in some future day, in all practicality, the Flash URL can't be hard-coded into a browser to 'skip' deleting its 'cookie' when all the other Flash cookies are deleted by a user for privacy protection.

Currently it's the macromedia.com entry in the pepper data folder that contains the settings.sol for the global settings set on the linked page, right?

If so, it sounds like it's definitely doable to provide a sub-checkbox *option* to control whether it gets saved or not when checking the clear flash checkbox.

Since there is no guarantee what URL Adobe will use for its Flash settings panel in some future day, in all practicality, the Flash URL can't be hard-coded into a browser to 'skip' deleting its 'cookie' when all the other Flash cookies are deleted by a user for privacy protection. What would you suggest a browser do under those circumstance?

Sounds like the domain should live in a file that can be remotely updated if the domain changes. Or, it should be provided by the plug-in in some way (where you update the plug-in if the domain changes).

I definitely thinks there's something that could be done, even if it requires cooperation with Adobe and or Google (PPAPI improvement if necessary).

Too bad there's not an extension to save the flash security settings and then auto-apply them (after you clear flash cookies) by visiting the macromedia.com page(s) and auto-submitting the changes.

Though, in the OP's case, if there was a separate delete flash data checkbox, the OP could just uncheck it when deleting browsing data and manually (or with script etc.) clear flash data while excluding the main settings. I assume there might be a little database handling though, which would make that more difficult.

Anyway, definitely sounds like a legit problem. I never adjust the flash settings on that page though, so the problem doesn't personally affect me.