Adobe Flex 3 Help

Managing Flash Player security

Flash Player does not allow an application to receive data from a domain other than the domain from which it was loaded, unless it has been given explicit permission. If you load your application SWF file from http://mydomain.com, it cannot load data from http://yourdomain.com. This security sandbox prevents malicious use of Flash Player capabilities. (JavaScript uses a similar security model to prevent malicious use of JavaScript.)

To access data from a Flex application, you have three choices:

Using cross-domain policy files

A cross-domain policy file is a simple XML file that gives Flash Player permission to access data from a domain other than the domain on which the application resides. Without this policy file, the user is prompted to grant access permission through a dialog box, a situation that you want to avoid.

The cross-domain policy file (named crossdomain.xml) is placed in the root of the server (or servers) containing the data that you want to access. The following example shows a cross-domain policy file:

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
 <allow-access-from domain="www.yourdomain.com" />
</cross-domain-policy>

For more information about configuring cross-domain policy files, see the following tech note: http://www.adobe.com/go/tn_14213.
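Because each allow-access-from entry grants read access to your server's data, it is worth checking how broad a policy file is before you deploy it. The following Python check is an added example, not part of the Adobe documentation. It flags the wildcard domain values and the secure="false" attribute, which belong to the cross-domain policy format but are not shown on this page. The function name audit_policy and the second sample policy are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# The policy file shown on this page.
PAGE_POLICY = """<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
 <allow-access-from domain="www.yourdomain.com" />
</cross-domain-policy>"""

# Constructed sample of an over-permissive policy (not from the page).
CONSTRUCTED_OPEN_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
 <allow-access-from domain="*" />
 <allow-access-from domain="*.example.com" secure="false" />
</cross-domain-policy>"""


def audit_policy(xml_text):
    """Return (severity, message) findings for one crossdomain.xml body.

    Intended for policy files from servers you administer; the external DTD
    named in the DOCTYPE is not fetched by ElementTree.
    """
    try:
        root = ET.fromstring(xml_text.strip())
    except ET.ParseError as exc:
        return [("error", f"not well-formed XML: {exc}")]
    if root.tag != "cross-domain-policy":
        return [("error", f"unexpected root element <{root.tag}>")]
    findings = []
    for rule in root.iter("allow-access-from"):
        domain = (rule.get("domain") or "").strip()
        if not domain:
            findings.append(("error", "allow-access-from has no domain attribute"))
        elif domain == "*":
            findings.append(("high", 'domain="*" grants read access to SWF files from any site'))
        elif domain.startswith("*."):
            findings.append(("medium", f"{domain} grants access to every subdomain"))
        # secure defaults to true; false lets SWF files loaded over HTTP read HTTPS data.
        if (rule.get("secure") or "true").lower() == "false":
            findings.append(("medium", f'secure="false" on {domain or "(no domain)"}'))
    return findings


if __name__ == "__main__":
    for name, text in (("page", PAGE_POLICY), ("constructed", CONSTRUCTED_OPEN_POLICY)):
        for severity, message in audit_policy(text):
            print(f"{name}: [{severity}] {message}")
        print(f"{name}: {len(audit_policy(text))} finding(s)")
```

The policy from this page names a single host and produces no findings; the constructed policy produces one high and two medium findings.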

Setting up a proxy to access remote data

Another option for managing Flash Player security (aside from using a cross-domain policy file) is to use a proxy. LiveCycle Data Services ES provides a complete proxy management system for Flex applications. You can also create a simple proxy service by using a web scripting language such as ColdFusion, JSP, PHP, or ASP.

The proxy service processes requests from the application to the remote service and responses from the remote service back to the application (Flash Player).

When developing your applications, a common technique is to host the proxy on your local computer. To do this, you need to run a web server and scripting language on your local development computer.

For more information about creating your own proxy, see the following tech note: http://www.adobe.com/go/tn_16520.

Setting up Flex Builder to use a proxy for accessing remote data

After you have set up a proxy to access data from a remote service, you place the application files in the same domain as the proxy. In Flex Builder, you can modify both the project build settings and the launch configuration to manage the use of a proxy.

If you use Flex Builder to compile your applications and the proxy server is also set up on your local development computer, you can modify the project build settings to automatically copy the compiled application files to the appropriate location on your web server.

Modifying the project build path

  1. In the Flex Navigator, select a project.
  2. Right-click and select Properties. The Project Properties dialog box appears.
  3. Select the Flex Build Path properties page.
  4. Change the existing output folder by entering a new path or by browsing to the appropriate folder of your web server (for example, C:\inetpub\wwwroot\myApp\).
  5. Click OK.

To run and debug the application from the web server, you must modify the project's launch configuration.

Modifying the launch configuration

  1. With the project's main application file open in Flex Builder, right-click in the editor and select Run As > Open Run Dialog. The Create, Manage, and Run Configurations dialog box appears.
  2. From the list of configurations, select the project's launch configuration.
  3. (Optional) On the Main tab, deselect the Use Defaults option to modify the URL or path to launch.
  4. In the Debug text box, enter the URL or path to the debug version of the application.
  5. In the Profile text box, enter the URL or path to the profiler version of the application.
  6. In the Run text box, enter the URL or path to the main application file.
  7. Click Apply and then click Close.