Flash Security Features - Adobe 38039336 - Flash CS3 Professional User Manual

A browser that receives the correct MIME type can load the appropriate plug-in, control, or helper application to
process and properly display the incoming data. If the MIME type is missing or not properly delivered by the server,
the browser might display an error message or a blank window with a puzzle piece icon.
• If your site is established through an Internet service provider (ISP), ask the ISP to add this MIME type to the
server: application/x-shockwave-flash with the .swf extension.
• If you are administering your own server, see your web server documentation for instructions on adding or
configuring MIME types.
• Corporate and enterprise system administrators can configure Flash to restrict Flash Player access to resources in
the local file system. Create a security configuration file that limits Flash Player functionality on the local system.
The security configuration file is a text file placed in the same folder as the Flash Player installer. The Flash Player
installer reads the configuration file during installation and follows its security directives. Flash Player uses the
System object to expose the configuration file to ActionScript.
With the configuration file, disable Flash Player access to the camera or microphone, limit the amount of local
storage Flash Player can use, control the auto-update feature, and block Flash Player from reading anything from the
user's local hard disk.
For more information about security, see System in ActionScript 2.0 Language Reference.

Flash security features

Publishing secure Flash documents
Flash Player 8 and later contain the following features that help you ensure the security of your Flash documents:
Buffer overrun protection
Enabled automatically, this feature prevents the intentional misuse of external files in a Flash document to overwrite
a user's memory or insert destructive code such as a virus. This prevents a document from reading or writing data
outside the document's designated memory space on a user's system.
Exact domain matching for sharing data between Flash documents
Flash Player 7 and later enforces a stricter security model than earlier versions. The security model changed in two
primary ways between Flash Player 6 and Flash Player 7:
Flash Player 6 lets SWF files from similar domains (for example,
Exact domain matching
) communicate freely with each other and with other documents. In Flash Player 7, the domain
store.adobe.com
of the data to be accessed must match the data provider's domain exactly for the domains to communicate.
A SWF file that loads by using nonsecure (non-HTTPS) protocols cannot access content
HTTPS/HTTP restriction
loaded by using a secure (HTTPS) protocol, even when both protocols are in exactly the same domain.
For more information about ensuring that content performs as expected with the new security model, see Under-
standing security in Learning ActionScript 2.0 in Adobe Flash.
FLASH CS3
User Guide
and
www.adobe.com
434