Here are the first 8 paragraphs of Chapter 19 of Essential ActionScript 3.0.
19. Flash Player Security Restrictions
To protect data from being transferred to unauthorized destinations without appropriate permission, Flash Player scrutinizes all requests to load or access external resources, or interact with other .swf files or HTML files. Each request a .swf file makes for an external resource (a resource not compiled into the .swf file making the request) is rejected or approved based on the following factors:
* The ActionScript operation used to access the resource
* The security status of the .swf file performing the request
* The location of the resource
* The explicit access-permissions set for the resource as determined by either the resource’s creator or distributor
* The explicit access-permissions granted by the user (e.g., permission to connect to the user’s camera or microphone)
* The type of Flash Player running the .swf file (e.g., plug-in version, standalone version, Flash authoring tool test version)
In the preceding list, and throughout this chapter, the following terms have the following meanings:
Resource distributor
The party that delivers a given resource. Typically a server operator such as a web site administrator or socket server administrator.
Resource creator
The party that actually authors the resource. For .swf files, the resource creator is the ActionScript developer that compiles the .swf.
User
The user of the computer on which Flash Player is running.
This chapter explains Flash Player security restrictions in general terms, and then explores how security specifically affects loading content and accessing external data.
This chapter covers security restrictions in one specific Flash runtime: Flash Player (both the web browser add-on, and standalone player versions). For information on security limitations imposed by other Flash runtimes (e.g., Apollo and Flash Lite), see Adobe’s documentation.