Specifications
53ADOBE FLEX 3
Building and Deploying Adobe Flex 3 Applications
To ensure that passwords are transmitted from the client to the server safely, enforce the use of SSL or some other
secure transport-level protocol.
When you ask for a password in a Te x tA re a or Te x t Input control, set the displayAsPassword property to true.
This displays the password as asterisks as it is typed.
Storing persistent data with the SharedObject class
Flash Player supports persistent shared objects through the SharedObject class. The SharedObject class stores data
on users’ computers. This data is usually local, meaning that it was obtained with the
SharedObject.getLocal()
method. You can also create persistent remote data with the SharedObject class; this requires Flash Media Server
(formerly Flash Communication Server).
Each remote sandbox has an associated store of persistent SharedObject directory on the client. For example,
when any SWF from domain1.com reads or writes data with the SharedObject class, Flash Player reads or writes
that object in the domain1.com object store. Likewise for a SWF from domain2.com, Flash Player uses the
domain2.com store. To avoid name collisions, the directory path defaults to the full path in the URL of the creating
SWF file. This process can be shortened by using the
localPath parameter of the SharedObject.getLocal()
method, which allows other SWF files from the same domain to access a shared object after it is created.
Every domain has a maximum amount of data that a SharedObject class can save in the object store. This is an
allocation of the user’s disk space in which applications from that domain can store persistent data. Users can
change the quota for a domain at any time by choosing Settings from the Flash Player context menu. When an
application tries to store data with a SharedObject class that causes Flash Player to exceed its domain’s quota, a
dialog box appears, asking the user whether to increase the domain quota.
Configuring client security settings
Some security control features in Flash Player target user choices, and some target the modern corporate and
enterprise environments, such as when the IT department would like to install Flash Player across the enterprise
but has concerns about IT security and privacy. To help address these types of requirements, Flash Player provides
various installation-time configuration choices. For example, some corporations do not want Flash Player to have
access to the computer’s audio and video hardware; other environments do not want Flash Player to have any read
or write access to the local file system.
Three groups can make security choices: the application author (using developer controls), the administrative
user (using administrator controls), and the local user (with user controls).