User Guide
Security sandboxes 461
Another important security-related method is the Security.loadPolicyFile() method,
which causes Flash Player to check for a cross-domain policy file at a nonstandard location.
For more information, see “Website controls (cross-domain policy files)” on page 456.
Security sandboxes
Client computers can obtain individual SWF files from a number of sources, such as from
external websites or from a local file system. Flash Player individually assigns SWF files and
other resources, such as shared objects, bitmaps, sounds, videos, and data files, to security
sandboxes based on their origin when they are loaded into Flash Player. The following
sections describe the rules, enforced by Flash Player, that govern what a SWF file within a
given sandbox can access.
For more information on security sandboxes, see the Flash Player 9 Security white paper.
Remote sandboxes
Flash Player classifies assets (including SWF files) from the Internet in separate sandboxes that
correspond to their website origin domains. By default, these files are authorized to access any
resources from their own server. Remote SWF files can be allowed to access additional data
from other domains by explicit website and author permissions, such as cross-domain policy
files and the
Security.allowDomain() method. For details, see “Website controls (cross-
domain policy files)” on page 456 and “Author (developer) controls” on page 460.
Remote SWF files cannot load any local files or resources.
For more information, see the Flash Player 9 Security white paper.