Specifications
CHAPTER 3
The only type of persistent storage is through the SharedObject class, which is embodied as a file in a directory
whose name is related to that of the owning SWF file. A Flex application cannot typically write, modify, or delete
any files on the client computer other than SharedObject data files, and it can only access SharedObject data files
under the established settings per domain.
Flash Player helps limit potential denial-of-service attacks involving disk space (and system memory) through its
monitoring of the usage of SharedObject classes. Disk space is conserved through limits automatically set by Flash
Player (the default is 100K of disk space for each domain). The author can set the application to prompt the user
for more disk space, or Flash Player automatically prompts the user if an attempt is made to store data that exceeds
the limit. In either case, the disk space limit is enforced by Flash Player until the user gives explicit permission for
an increased allotment for that domain.
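The quota behavior described above, seen from the application side, as an added example that is not part of the original documentation. The class name, the shared object name and the requested size are assumptions chosen for illustration; the requested size is deliberately above the default allotment so that the prompt path is exercised.

```actionscript
package {
    import flash.display.Sprite;
    import flash.events.NetStatusEvent;
    import flash.net.SharedObject;
    import flash.net.SharedObjectFlushStatus;

    // Added example: store data in a local SharedObject and handle the
    // per-domain disk space limit enforced by Flash Player.
    public class QuotaAwareStore extends Sprite {
        // Assumed names and sizes, chosen for this example only.
        private static const STORE_NAME:String = "examplePrefs";
        private static const REQUESTED_BYTES:int = 500 * 1024;

        private var so:SharedObject;

        public function QuotaAwareStore() {
            so = SharedObject.getLocal(STORE_NAME);
            so.addEventListener(NetStatusEvent.NET_STATUS, onFlushStatus);
            save({ theme: "dark", lastOpened: new Date().time });
        }

        private function save(prefs:Object):void {
            so.data.prefs = prefs;
            var status:String;
            try {
                // Passing minDiskSpace asks Flash Player to reserve that much
                // space; above the current allotment, the user is prompted.
                status = so.flush(REQUESTED_BYTES);
            } catch (e:Error) {
                // Thrown when the object cannot be written, for example when
                // the user has disallowed local storage for this domain.
                trace("Local storage refused: " + e.message);
                return;
            }
            if (status == SharedObjectFlushStatus.FLUSHED) {
                trace("Saved within the current allotment.");
            } else if (status == SharedObjectFlushStatus.PENDING) {
                trace("Waiting for the user to answer the storage prompt.");
            }
        }

        // Fires after the user answers the prompt for a PENDING flush.
        private function onFlushStatus(event:NetStatusEvent):void {
            if (event.info.code == "SharedObject.Flush.Success") {
                trace("User granted more space; data written.");
            } else if (event.info.code == "SharedObject.Flush.Failed") {
                trace("User denied more space; data not persisted.");
            }
        }
    }
}
```

The application never learns of or changes the limit on its own: either the write fits, or the outcome depends on the user's answer to the prompt.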
Flash Player contains memory and processor safeguards that help prevent applications from taking control of
excess system resources for an indefinite period of time. For example, Flash Player can detect an application that
is in an infinite loop and select it for termination by prompting the user. The resources that the application uses
are immediately released when the application closes.
Flash Player uses a garbage collector engine. The processing of new allocation requests always first ensures that
memory is cleared so that the new usage always obtains only clean memory and cannot view any previous data.
Privacy
Privacy is an important aspect of overall security. Adobe products, including Flash Player, provide very little
information that would reveal anything about a user (or their computer). Flash Player does not provide personal
information about users (such as names, e-mail addresses, and phone numbers), or provide access to other sensitive
information (such as credit card numbers or account information).
What Flash Player does provide is basically standardized hardware and software configuration information that
authors might use to enhance the user experiences in the environment encountered. The same information is
often available already from the operating system or web browser.
Information about the client environment that is available to the Flex application includes:
• User agent string, which typically identifies the embedding browser type and operating system of the client
• System capabilities such as the language or the presence of an MP3 decoder (see the Capabilities class)
• Presence of a camera and microphone
• Keyboard and mouse input
ActionScript also includes the ability to replace the contents of the client’s Clipboard by using the
setClipboard() method of the System class. This method does not have a corresponding getClipboard()
method, so protected data that might be stored in the Clipboard already is not accessible to Flash Player.










