User Guide
Flash Player Security overview 451
In the Flash Player security model, there is a distinction between loading content and accessing
or loading data.
■ Loading content—Content is defined as media, including visual media Flash Player can
display, audio, video, or a SWF file that includes displayed media. Data is defined as
something that is accessible only to ActionScript code. You can load content using classes
such as the Loader, Sound, and NetStream classes.
■ Accessing content as data or loading data—You can access data in two ways: by extracting
data from loaded media content or by directly loading data from an external file (such as
an XML file). You can extract data from loaded media by using Bitmap objects, the
BitmapData.draw() method, the Sound.id3 property, or the
SoundMixer.computeSpectrum() method. You can load data using classes such as the
URLStream, URLLoader, Socket, and XMLSocket classes.
The Flash Player security model defines different rules for loading content and accessing data.
In general, there are fewer restrictions on loading content than on accessing data.
Content (SWF files, bitmaps, MP3 files, and videos) can generally be loaded from anywhere,
but content from a domain other than that of the loading SWF file is partitioned into a
separate security sandbox.
There are a few barriers to loading content:
■ By default, local SWF files (those loaded from a non-network address, such as a user’s hard
drive) are classified in the local-with-filesystem sandbox. These files cannot load content
from the network. For more information, see “Local sandboxes” on page 462.
■ Real-Time Messaging Protocol (RTMP) servers can limit access to content. For more
information, see “Content delivered using RTMP servers” on page 470.
If the loaded media is an image, audio, or video, its data, such as pixel data and sound data,
cannot be accessed by a SWF file outside its security sandbox, unless the domain of that SWF
file has been included in a cross-domain policy file at the origin domain of the media. For
details, see “Accessing loaded media as data” on page 474.
Other forms of loaded data include text or XML files, which are loaded with a URLLoader
object. Again in this case, to access any data from another security sandbox, permission must
be granted by means of a cross-domain policy file at the origin domain. For details, see “Using
URLLoader and URLStream” on page 477.
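
The following Python model of the rules above is an added example, not code from this guide or from Flash Player. It separates "can the content be loaded" from "can its data be accessed" and checks a constructed cross-domain policy file. The function names, the sample domains, the simplified wildcard matching and the "remote" label for a network SWF file are assumptions made for illustration; RTMP server restrictions are not modelled.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a policy file as served from the media's origin domain.
SAMPLE_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="www.example.com"/>
  <allow-access-from domain="*.partner.example"/>
</cross-domain-policy>"""

def granted_patterns(policy_xml):
    """Domain patterns granted by the policy; unparseable input grants nothing."""
    try:
        root = ET.fromstring(policy_xml)
    except ET.ParseError:
        return []  # fail closed on a malformed policy file
    if root.tag != "cross-domain-policy":
        return []
    return [e.get("domain", "").lower() for e in root.iter("allow-access-from")]

def pattern_matches(pattern, domain):
    # Assumption (simplified matching): "*" grants every domain, "*.suffix"
    # grants subdomains of suffix, anything else must match exactly.
    if pattern == "*":
        return True
    if pattern.startswith("*."):
        return domain.endswith(pattern[1:])
    return pattern == domain

def evaluate(swf_domain, media_domain, policy_xml=None, sandbox="remote"):
    """Return (can_load_content, can_access_data) for media on the network."""
    if sandbox == "local-with-filesystem":
        return (False, False)  # this sandbox cannot load content from the network
    if swf_domain.lower() == media_domain.lower():
        return (True, True)    # same domain, so same security sandbox
    allowed = policy_xml is not None and any(
        pattern_matches(p, swf_domain.lower()) for p in granted_patterns(policy_xml))
    return (True, allowed)     # loads into a separate sandbox; data access needs the grant

if __name__ == "__main__":
    for swf in ("www.example.com", "cdn.partner.example", "other.example.org"):
        print(swf, evaluate(swf, "media.example.net", SAMPLE_POLICY))
```
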