User Guide

ManualsBrandsMacromedia ManualsOtherFLEX 2-PROGRAMMING ACTIONSCRIPT 3.0

461

462

463

464

465

466

467

468

469

470

462 Flash Player Security

Local sandboxes

Local file describes any file that is referenced by using the file: protocol or a Universal

Naming Convention (UNC) path. Local SWF files are placed into one of three local

sandboxes:

■ The local-with-filesystem sandbox—For security purposes, Flash Player places all local

SWF files and assets in the local-with-file-system sandbox, by default. From this sandbox,

SWF files can read local files (by using the URLLoader class, for example), but they

cannot communicate with the network in any way. This assures the user that local data

cannot be leaked out to the network or otherwise inappropriately shared.

■ The local-with-networking sandbox—When compiling a SWF file, you can specify that it

has network access when run as a local file (see “Setting the sandbox type of local SWF

files” on page 463).These files are placed in the local-with-networking sandbox. SWF files

that are assigned to the local-with-networking sandbox forfeit their local file access. In

return, the SWF files are allowed to access data from the network. However, a local-with-

networking SWF file is still not allowed to read any network-derived data unless

permissions are present for that action, through a cross-domain policy file or a call to the

Security.allowDomain() method. In order to grant such permission, a cross-domain

policy file must grant permission to all domains by using

<allow-access-from

domain="*"/>

or by using Security.allowDomain("*"). For more information, see

“Website controls (cross-domain policy files)” on page 456 and “Author (developer)

controls” on page 460.

■ The local-trusted sandbox—Local SWF files that are registered as trusted (by users or by

installer programs) are placed in the local-trusted sandbox. System administrators and

users also have the ability to reassign (move) a local SWF file to or from the local-trusted

sandbox based on security considerations (see “Administrative user controls” on page 452

and “User controls” on page 454). SWF files that are assigned to the local-trusted sandbox

can interact with any other SWF files and can load data from anywhere (remote or local).

Communication between the local-with-networking and local-with-filesystem sandboxes, as

well as communication between the local-with-filesystem and remote sandboxes, is strictly

forbidden. Permission to allow such communication cannot be granted by a Flash application

or by a user or administrator.

Scripting in either direction between local HTML files and local SWF files—for example,

using the ExternalInterface class—requires that both the HTML file and SWF file involved be

in the local-trusted sandbox. This is because the local security models for browsers differ from

the Flash Player local security model.