moock.org is supported in part by


April 11, 2007

Chapter 19, Paragraphs 1-8 , Essential ActionScript 3.0

Here are the first 8 paragraphs of Chapter 19 of Essential ActionScript 3.0.

19. Flash Player Security Restrictions

To protect data from being transferred to unauthorized destinations without appropriate permission, Flash Player scrutinizes all requests to load or access external resources, or interact with other .swf files or HTML files. Each request a .swf file makes for an external resource (a resource not compiled into the .swf file making the request) is rejected or approved based on the following factors:

* The ActionScript operation used to access the resource
* The security status of the .swf file performing the request
* The location of the resource
* The explicit access-permissions set for the resource as determined by either the resourceís creator or distributor
* The explicit access-permissions granted by the user (e.g., permission to connect to the userís camera or microphone)
* The type of Flash Player running the .swf file (e.g., plug-in version, standalone version, Flash authoring tool test version)

In the preceding list, and throughout this chapter, the following terms have the following meanings:

Resource distributor

The party that delivers a given resource. Typically a server operator such as a web site administrator or socket server administrator.

Resource creator

The party that actually authors the resource. For .swf files, the resource creator is the ActionScript developer that compiles the .swf.

User

The user of the computer on which Flash Player is running.

This chapter explains Flash Player security restrictions in general terms, and then explores how security specifically affects loading content and accessing external data.

This chapter covers security restrictions in one specific Flash runtime: Flash Player (both the web browser add-on, and standalone player versions). For information on security limitations imposed by other Flash runtimes (e.g., Apollo and Flash Lite), see Adobeís documentation.

Posted by moock at April 11, 2007 06:04 PM