Which do you preffer, developing Flash sites (with actionscript obviously) or HTML (with CSS and JavaScript)? Why? What are the advantages of using this in your opinion?

_________________
A pawn can eventually become a queen...

HTML:

* standard
* free
* non-proprietary
* open
* accessible

Flash:
* non-standard
* non-free
* proprietary
* closed
* non-accessible

I don't mind Flash for places where HTML or web browsers are lacking like online applications. YouTube, for example.

If you're developing a website, though, use HTML. It just makes sense. If you're developing a web application, then Flash can sometimes be acceptable or even preferred.

_________________
Ryan

"What difference does it make to the dead, the orphans, and the homeless, whether the mad destruction is wrought under the name of totalitarianism or the holy name of liberty and democracy?" - Gandhi

Flash player is proprietry, flash language and compiler (in the form of flex at least) is open source and standard (well, actionscript is standard as it's ECMA script the same as Javascript is. Flex is MXML + actionscript, and the MXML is converted into actionscript).

I wouldn't say flash is the thing to go for primarily though. Each has it's place, with flash/flex being able to take over where the HTML/CSS + Javascript combo falls short.

_________________
God must love stupid people, he made so many.
theraje: 'God doesn't love stupid people, they're just easier to make'
http://sharedillusions.blogspot.com

The advantage of flash provides Movie Style Animation and Effects with Events. Besides that, flash is not providing anything that can't be done with html/com.

You can't have controlled flash without first wrapping it in HTML. Unless you want to run a .swf via url and type all your commands via the Address Box using ?option=wee syntax.

Personally I hate flash sites that don't have a non-flash version. The only reason I see for using flash is for games/interactive toys and videos, other than that straight html/css is the way to go.

The biggest reason I don't like flash is because it's slow to load and uses a lot of processing power (always makes my laptop fan kick on) and not to mention it makes most browsers hang while flash loads.

_________________
My Development Blog | My Website | My Current 3d Engine

I love flash. For games that is. For websites I prefer just using CSS and javascript. Tends to be faster to code also.

_________________
/\/////////// \\\\\\\\\\\/\S
/\/////////\\ //\\\\\\\\\/\I - Assault Wars
/\///////\\//|\\//\\\\\\\/\R - - Work in Progress
/\/////\\////|\\\\//\\\\\/\I
/\///\\/////\|/\\\\\//\\\/\S

the main concerns I have with HTML based pages are:

1. HTML pages have a nature to jump from page a to page b to page c, either via a direct link, redirect or a post / get function (ignoring AJAX for a moment). This 'jumping' nature opens up a security hole for an attacker. File B 'expects' file A to post a value for example. There is (by default) nothing stopping me from creating a trojan page that posts garbage (or malicious) data to file B to either corrupt the system or gain a higher level of access than intended. Flash sites are all encapsulated into one big file like an executeable. Its more secure in my eyes. Yes, there are security measures we can take to prevent spoofing attacks, but they need to be implemented on every page, and (provided that the prevention mechanism you are using is a simple referer check) your security system may vary from server to server as some servers may not fill the right PHP server variables.

2. HTML pages allow users to view your code. I have no idea why browsers did this (probably to aid in debugging) but it makes it so simple for a potential hacker to gain an understanding of your system. Roughly 50% of it (assuming that its evenly divided between client and server processing) is right there infront of them. Admittedly they could find the file in temp internet files, but thats only because its a HTML based file again anyway. If HTML was compiled into some sort of binary and was THEN read and processed by the browser, it would be much more secure. But since HTML has become the foundation for so many other technologies, a major change like that just cant happen (well, not easily).

It seems to me that flash based websites are much more secure due to these reasons. Yes, we can attempt to plug security holes. But its much better if the holes werent there in the first place. Prevention is better than cure sort of thing. The only doubts I have with flash is that I'm unsure as to weather or not ActionScript is capable of performing the same functionality as PHP / ASP / ASP.NET / etc. Eg: communicating with databases, sending HTML based emails, eBusiness / eCommerce functionality, etc.

Call me paranoid? lol

_________________
A pawn can eventually become a queen...

Actionscript is just the internal language inside the flash that gives it javascript like functionality. Flash is not a server side com, it requires a 3rd party control or com to talk to the server or database. ASP/PHP do not as they are server side language.

Like I said before, flash is nothing more the movie animation container with javascript. Running flash is like running a webpage IN a webpage. You're running a Flash Object (which displays interactive content like buttions, etc with its own javascript language), running inside a HTML com object layer.

Edit: Not 100% on PHP, but ASP supports COM natively thru the createobject statement.

unless you gain access to the server I don't see how you can inject pages into each other, all a server does is sent out pages it doesn't get anything from the user except stuff from post data. There are some exploits in dynamic server webpages (such as php, asp etc) if the programmer is stupid and decides to let the user supply the page to load without error checking however it will only load things on the server and not from outside sources. In otherwords your biggest security holes are going to come from code-injections from post data, flash has some of these exploits as well. I would actually say static html is safer then flash or dynamic server pages.




yes and no, if you are using dynamic server pages then your only going to see the output of what it generates and most of the time it isn't very useful to view. The reason for HTML being shown is because that's what your browser parses to display your page, it's just a simple text file.

Security through obscurity is a false sense of security, flash isn't anymore secure because you can't see the code, in fact if you wanted you could disassemble the flash file to code pretty easily. Flash is also run client side which means that it has a chance of infecting your system, there have been quite some nasty things you can do with flash including remote-execution of code.

As for sending an executable instead of a text file, that would be very insecure. This is basically how virii/trojans/malware is spread for some reason another you have run an executable from the web. To have a system where you run executables on the web is saying you trust every site you visit; activeX, flash, and other client side languages are exploited enough as is and they were suppose to be secure.

As for database connections and so forth, it's much more secure on the server rather than from the client. If you do DB connections from flash then you basically have to open up your database server to the wild, doing it on the server however is much safer because only the server can connect to it.

_________________
My Development Blog | My Website | My Current 3d Engine

HTML/CSS does not allow people to "inject" anything. You're thinking about server-side scripting like PHP, ASP, etc. Static HTML and CSS is about as secure as you can get when it comes to random Web surfers (now, if someone gets your password, you're screwed - but nothing is immune from that).

Flash sites are obnoxious to the Nth degree. I like Flash games and the like, but doing an entire site in flash is entirely overkill/inappropriate. Some browsers won't be able to view your site without downloading a plug-in (which some people will refuse to do, assuming they even have the knowledge to do so). Some browsers (albeit very few) will be completely unable to view your site.

Furthermore, if you plan on using Flash for a Web site, keep in mind that Web sites aren't meant to be "awesome." They're meant to give access to content. Having your links spin around and play I'm a Little Teapot when you hover over them does nothing to achieve that end. So, if you plan to write a Flash site to make it "awesome," remember that less is more.

As for being able to view HTML, this is not a problem. It's not like there are super-secret classified algorithms involved in HTML. And, as stated before, server-side scripting stays on the server, and simply sends what the Webmaster wants viewers to see.

_________________
What most people don't understand about "enlightenment" is that it is not an end-goal; but where you find yourself just before taking a new "first step."

Proxy between client/server and I'll modify/send anything I want. Simple example is proximitron, my favorite way to bypass certain limits on the web :p. Although FireBug makes live a lot easier as well.


Anyway. Flash is often used in an very annoying way for websites that should never have been made in Flash anyway.

_________________
Serious game developer

http://www.persistentrealities.com
http://www.persistentrealities.com/vbfibre
http://www.ambiances.nl

I agree that flash is used in some fairly annoying ways... but then so are Javascript effects

The Flex framework makes doing decent apps in flash a bit easier though (and I've seen it do some things fairly easily that would be very difficult if not impossible with HTML/CSS + JS), although it can still do atrocious ones. You can also do desktop apps with flex.

And most exploits in applications take place in server side security holes. Man in the middle attacks (as almar suggested), HTML or SQL injection, cross site scripting, etc... all of these are taking advantage of security holes in the server rather than the client, and most of them target HTML and JS views because they are easier to exploit.

So yeah, I'm not as against flash as I used to be and think it has it's place. Use the tool for the task and don't religiously use hammers for everything

_________________
God must love stupid people, he made so many.
theraje: 'God doesn't love stupid people, they're just easier to make'
http://sharedillusions.blogspot.com

I think now that it is 2011, it's high time to revisit this discussion.

HTML5 is becoming a more robust platform for multimedia. HTML5 has introduced new elements, including the <audio> and <video> tags (the latter of which is still in a bit of a "format war" of its own, but I digress), and the <canvas> element that allows one to dynamically animate scripted graphics, along the lines of how ActionScript does so with a Flash element.

Most of the pros and cons remain -- see sik0fewl's post above -- but HTML5 (and JavaScript) is looking more and more like it is becoming capable of replacing Flash (whether it actually will or not remains to be seen, however). At the very least, it is a viable alternative (and in many cases, the preferable alternative). It's certainly no silver bullet to solve all the Web's problems, but at least it is getting easier to create open solutions to problems that previously were only addressed by closed approaches.

_________________
What most people don't understand about "enlightenment" is that it is not an end-goal; but where you find yourself just before taking a new "first step."

Well I like them both. But I prefer less flashy sites cause my net is like a slug! I don't like to wait
One thing I love about JavaScript/HTML5 game is that they are open to all, I can read their code and learn from others

Silverlight FTW

_________________
Bored? Head on over to my blog and see what I'm up to.

Microsoft XNA MVP

What, Microsoft Flash? Go back to your hole, you silly person.

_________________
What most people don't understand about "enlightenment" is that it is not an end-goal; but where you find yourself just before taking a new "first step."

Another reason I like HTML5 is that you don't need to install/update plugins like Flash/Silverlight.

And I also believe using more plugins slows a PC down.

"slow down" is subjective. Does it really matter if running a plugin uses resources that are being unused anyway? Nope. Unless your PC is being maxed out already and the extra resource requirement kills your machine (highly unlikely) this argument is invalid.

_________________
Bored? Head on over to my blog and see what I'm up to.

Microsoft XNA MVP

That's the kind of philosophy that causes a Windows 7 install to occupy all of your unused hard drive space. Oh well, it wasn't being used anyway.

_________________
What most people don't understand about "enlightenment" is that it is not an end-goal; but where you find yourself just before taking a new "first step."

Apples to Oranges.

_________________
Bored? Head on over to my blog and see what I'm up to.

Microsoft XNA MVP