User Guide
456 Flash Player Security
These settings affect only the current user, not other users who log in to the computer. If a
user without administrative rights installs an application in their own portion of the system,
the User Flash Player Trust directory lets the installer register the application as trusted for
that user.
As a developer distributing a locally run SWF file by way of an installer application, you can
have the installer application add a configuration file to the User Flash Player Trust directory,
granting full privileges to the file that you are distributing. Even in this situation, the User
Flash Player Trust directory file is considered a user control, because a user action
(installation) initiates it.
There is also a Global Flash Player Trust directory, used by the administrative user or installers
to register an application for all users of a computer (see “Administrative user controls”
on page 452).
Website controls (cross-domain policy files)
To make data from a web server available to SWF files from other domains, you can create a
cross-domain policy file on your server. A cross-domain policy file is an XML file that provides
a way for the server to indicate that its data and documents are available to SWF files served
from certain domains or from all domains. Any SWF file that is served from a domain
specified by the server’s policy file is permitted to access data or assets from that server.
Cross-domain policy files affect access to a number of assets, including the following:
■ Data in bitmaps, sounds, and videos
■ Loading XML and text files
■ Access to socket and XML socket connections
■ Importing SWF files from other security domains into the security domain of the loading
SWF file
Full details are provided in the rest of this chapter.
Policy file syntax
The following example shows a policy file that permits access by SWF files that originate from
*.example.com, www.friendOfExample.com and 192.0.34.166:
<?xml version="1.0"?>
<cross-domain-policy>
    <allow-access-from domain="*.example.com" />
    <allow-access-from domain="www.friendOfExample.com" />
    <allow-access-from domain="192.0.34.166" />
</cross-domain-policy>
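The following Python sketch is an added example, not part of the original guide or of Flash Player. It audits a policy file by labeling each allow-access-from entry by how broadly it grants access, and checks whether a requesting host would be covered. The function names, the one-line OPEN_POLICY sample, and the wildcard matching rule in is_allowed are assumptions made for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# The policy shown on this page.
PAGE_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
    <allow-access-from domain="*.example.com" />
    <allow-access-from domain="www.friendOfExample.com" />
    <allow-access-from domain="192.0.34.166" />
</cross-domain-policy>"""

# Constructed sample: a policy that opens the server to SWF files from all domains.
OPEN_POLICY = '<cross-domain-policy><allow-access-from domain="*" /></cross-domain-policy>'


def classify(domain):
    """Label one allow-access-from domain value by how much it exposes."""
    if domain == "*":
        return "all-domains"
    if domain.startswith("*."):
        return "wildcard-subdomains"
    try:
        ipaddress.ip_address(domain)
        return "ip-literal"
    except ValueError:
        return "exact-host"


def audit_policy(xml_text):
    """Return [(domain, label)] for every allow-access-from entry."""
    root = ET.fromstring(xml_text)
    if root.tag != "cross-domain-policy":
        raise ValueError("not a cross-domain policy file")
    return [(e.get("domain", ""), classify(e.get("domain", "")))
            for e in root.iter("allow-access-from")]


def is_allowed(xml_text, host):
    """Assumed matching rule: '*' matches any host, '*.suffix' matches hosts
    ending in '.suffix', and any other value must equal the host (case-insensitive)."""
    host = host.lower()
    for domain, label in audit_policy(xml_text):
        d = domain.lower()
        if (label == "all-domains" or d == host
                or (label == "wildcard-subdomains" and host.endswith(d[1:]))):
            return True
    return False
```

Any entry labeled all-domains deserves review before deployment, because it makes the server's data available to SWF files served from every domain.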