Table of Contents
Advertisement
Local sandboxes
Local file describes any file that is referenced by using the
Naming Convention (UNC) path. Local SWF files are placed into one of three local
sandboxes:
The local-with-filesystem sandbox—For security purposes, Flash Player places all local
■
SWF files and assets in the local-with-file-system sandbox, by default. From this sandbox,
SWF files can read local files (by using the URLLoader class, for example), but they
cannot communicate with the network in any way. This assures the user that local data
cannot be leaked out to the network or otherwise inappropriately shared.
The local-with-networking sandbox—When compiling a SWF file, you can specify that it
■
has network access when run as a local file (see
files" on page
463).These files are placed in the local-with-networking sandbox. SWF files
that are assigned to the local-with-networking sandbox forfeit their local file access. In
return, the SWF files are allowed to access data from the network. However, a local-with-
networking SWF file is still not allowed to read any network-derived data unless
permissions are present for that action, through a cross-domain policy file or a call to the
Security.allowDomain()
policy file must grant permission to all domains by using
or by using
domain="*"/>
"Website controls (cross-domain policy files)" on page 456
controls" on page
The local-trusted sandbox—Local SWF files that are registered as trusted (by users or by
■
installer programs) are placed in the local-trusted sandbox. System administrators and
users also have the ability to reassign (move) a local SWF file to or from the local-trusted
sandbox based on security considerations (see
and
"User controls" on page
can interact with any other SWF files and can load data from anywhere (remote or local).
Communication between the local-with-networking and local-with-filesystem sandboxes, as
well as communication between the local-with-filesystem and remote sandboxes, is strictly
forbidden. Permission to allow such communication cannot be granted by a Flash application
or by a user or administrator.
Scripting in either direction between local HTML files and local SWF files—for example,
using the ExternalInterface class—requires that both the HTML file and SWF file involved be
in the local-trusted sandbox. This is because the local security models for browsers differ from
the Flash Player local security model.
462
Flash Player Security
method. In order to grant such permission, a cross-domain
Security.allowDomain("*")
460.
454). SWF files that are assigned to the local-trusted sandbox
protocol or a Universal
file:
"Setting the sandbox type of local SWF
<allow-access-from
. For more information, see
and
"Author (developer)
"Administrative user controls" on page 452
Advertisement
Chapters
Table of Contents
