| Programming ActionScript 3.0 > Flash Player APIs > Flash Player Security > Security sandboxes | |||
|
|||
|
|||
|
|||
Client computers can obtain individual SWF files from a number of sources, such as from external websites or from a local file system. Flash Player individually assigns SWF files and other resources, such as shared objects, bitmaps, sounds, videos, and data files, to security sandboxes based on their origin when they are loaded into Flash Player. The following sections describe the rules, enforced by Flash Player, that govern what a SWF file within a given sandbox can access.
For more information on security sandboxes, see the Flash Player 9 Security white paper.
Flash Player classifies assets (including SWF files) from the Internet in separate sandboxes that correspond to their website origin domains. By default, these files are authorized to access any resources from their own server. Remote SWF files can be allowed to access additional data from other domains by explicit website and author permissions, such as cross-domain policy files and the Security.allowDomain() method. For details, see Website controls (cross-domain policy files) and Author (developer) controls.
Remote SWF files cannot load any local files or resources.
For more information, see the Flash Player 9 Security white paper.
Local file describes any file that is referenced by using the file: protocol or a Universal Naming Convention (UNC) path. Local SWF files are placed into one of three local sandboxes:
Security.allowDomain() method. In order to grant such permission, a cross-domain policy file must grant permission to all domains by using <allow-access-from domain="*"/> or by using Security.allowDomain("*"). For more information, see Website controls (cross-domain policy files) and Author (developer) controls.Communication between the local-with-networking and local-with-filesystem sandboxes, as well as communication between the local-with-filesystem and remote sandboxes, is strictly forbidden. Permission to allow such communication cannot be granted by a Flash application or by a user or administrator.
Scripting in either direction between local HTML files and local SWF files--for example, using the ExternalInterface class--requires that both the HTML file and SWF file involved be in the local-trusted sandbox. This is because the local security models for browsers differ from the Flash Player local security model.
SWF files in the local-with-networking sandbox cannot load SWF files in the local-with-filesystem sandbox. SWF files in the local-with-filesystem sandbox cannot load SWF files in the local-with-networking sandbox.
You can configure a SWF file for the local-with-filesystem sandbox or the local-with-networking sandbox by setting the use-network flag in the Flex compiler. For more information, see About the application compiler options in Building and Deploying Flex Applications.
An end user or the administrator of a computer can specify that a local SWF file is trusted, allowing it to load data from all domains, both local and network. This is specified in the Global Flash Player Trust and User Flash Player Trust directories. For more information, see Administrative user controls and User controls.
For more information on local sandboxes, see Local sandboxes.
An author of a SWF file can use the read-only static Security.sandboxType property to determine the type of sandbox to which Flash Player has assigned the SWF file. The Security class includes constants that represent possible values of the Security.sandboxType property, as follows:
Security.REMOTE--The SWF file is from an Internet URL, and operates under domain-based sandbox rules.Security.LOCAL_WITH_FILE--The SWF file is a local file, but it has not been trusted by the user and was not published with a networking designation. The SWF file can read from local data sources but cannot communicate with the Internet.Security.LOCAL_WITH_NETWORK--The SWF file is a local file and has not been trusted by the user, but it was published with a networking designation. The SWF can communicate with the Internet but cannot read from local data sources.Security.LOCAL_TRUSTED--The SWF file is a local file and has been trusted by the user, using either the Settings Manager or a Flash Player trust configuration file. The SWF file can both read from local data sources and communicate with the Internet.Flex 2.01
Send me an e-mail when comments are added to this page | Comment Report
Current page: http://livedocs.adobe.com/flex/201/html/05B_Security_176_04.html