Buffer overrun protection

Enabled automatically, this feature prevents the intentional misuse of external files in a Flash document to overwrite a user’s memory or insert destructive code such as a virus. This prevents a document from reading or writing data outside the document’s designated memory space on a user’s system.

Exact domain matching for sharing data between Flash documents

Flash Player 7 and later enforces a stricter security model than earlier versions. The security model changed in two primary ways between Flash Player 6 and Flash Player 7:

Exact domain matching

Flash Player 6 lets SWF files from similar domains (for example, www.adobe.com and store.adobe.com) communicate freely with each other and with other documents. In Flash Player 7, the domain of the data to be accessed must match the data provider’s domain exactly for the domains to communicate.

HTTPS/HTTP restriction

A SWF file that loads by using nonsecure (non-HTTPS) protocols cannot access content loaded by using a secure (HTTPS) protocol, even when both protocols are in exactly the same domain.

For more information about ensuring that content performs as expected with the new security model, see Understanding Security in Learning ActionScript 2.0 in Adobe Flash.

Local and network playback security

Flash Player 8 and later include a security model that lets you determine the local and network playback security for SWF files that you publish. By default, SWF files are granted read access to local files and networks. However, a SWF file with local access cannot communicate with the network, and the SWF file cannot send files or information to any networks.

Allow SWF files to access network resources, letting the SWF file send and receive data. If you grant the SWF file access to network resources, local access is disabled, protecting information on the local computer from potentially being uploaded to the network.

To select the local or network playback security model for your published SWF files, use the Publish Settings dialog box.