User Guide

ManualsBrandsMacromedia ManualsOtherFLEX 2-PROGRAMMING ACTIONSCRIPT 3.0

481

482

483

484

485

486

487

488

489

490

484 Flash Player Security

The choice of a shared object store is based on a SWF file’s origin URL. This is true even in

the two situations where a SWF file does not originate from a simple URL: import loading

and dynamic loading. Import loading refers to the situation where you load a SWF file with

the

LoaderContext.securityDomain property set to SecurityDomain.currentDomain. In

this situation, the loaded SWF file will have a pseudo-URL that begins with its loading SWF

file’s domain and then specifies its actual origin URL. Dynamic loading refers to the loading

of a SWF file using the

Loader.loadBytes() method. In this situation, the loaded SWF file

will have a pseudo-URL that begins with its loading SWF file’s full URL followed by an

integer ID. In both the import loading and dynamic loading cases, a SWF file’s pseudo-URL

can be examined using the

LoaderInfo.url property. The pseudo-URL is treated exactly like

a real URL for the purposes of choosing a shared object store. You can specify a shared object

localPath parameter that uses part or all of the pseudo-URL.

Users and administrators can elect to disable the use of third-party shared objects. This is the

usage of shared objects by any SWF file that is executing in a web browser, when that SWF

file’s origin URL is from a different domain than the URL shown in the browser’s address bar.

Users and administrators may choose to disable third-party shared object usage for reasons of

privacy, wishing to avoid cross-domain tracking. In order to avoid this restriction, you may

wish to ensure that any SWF file using shared objects is loaded only within HTML page

structures that ensure that the SWF file comes from the same domain as is shown in the

browser's address bar. When you attempt to use shared objects from a third-party SWF file,

and third-party shared object use is disabled, the

SharedObject.getLocal() and

SharedObject.getRemote() methods return null. For more information, see

www.adobe.com/products/flashplayer/articles/thirdpartylso.

Camera, microphone, Clipboard, mouse,

and keyboard access

When a SWF file attempts to access a user's camera or microphone using the Camera.get()

Microphone.get() methods, Flash Player displays a Privacy dialog box, in which the user

can allow or deny access to their camera and microphone. The user and the administrative

user can also disable camera access on a per-site or global basis, through controls in the

mms.cfg file, the Settings UI, and the Settings Manager (see “Administrative user controls”

on page 452 and “User controls” on page 454). With user restrictions, the

Camera.get() and

Microphone.get() methods each return a null value. You can use the

Capabilities.avHardwareDisable property to determine whether the camera and

microphone have been administratively prohibited (

true) or allowed (false).