This document is is just an overview. For additional detail, see: Security Domains, Application Domains, and More in ActionScript 3.0

Flash Player Security Basics

The following tech note outlines basic security restrictions associated with the Flash player.

Contents:

Local vs Network Access

When a SWF is being played on a users hard drive (including from a CD or other local drive), either from the standalone player or through a browser or web page loading the SWF from a local folder on your machine (projectors or other executables are not affected), by default the Flash player is only allowed to access either local content (C:\ etc.) or internet or network content (http:// etc.).

When accessing local content, this is known as the local-with-filesystem sandbox. When accessing network content, this is known as the local-with-networking sandbox.

The only way a SWF file can access both local content and network content and be in what is known as the local-trusted sandbox is if it is given explicit permission to do so. This includes:

Flash developers simply do not have enough control over permissions to ensure a local-trusted sandbox (allowing access to both the local file system and the network).

When publishing a SWF, Flash developers can decide between with-filesystem and with-networking capabilities in the Flash tab of a FLA's Publish Settings.

For Flex 2, this is done using the -use-network compiler argument where a value of true represents local-with-networking and false represents local-with-filesystem.

Note: A SWF with a sandbox of local-with-filesystem is not allowed to load a SWF with a sandbox of local-with-networking, nor the other way around.

Related documentation:

How do I let local Flash content communicate with the Internet? [4c093f20]

Cross-domain Access

For non-local playback, when a SWF is running from the internet or on the network from a server (remote sandbox), security restrictions apply to SWFs on different domains. A SWF in a remote sandbox can never access local files.

Restrictions for content are in place for accessing data (via ActionScript) of content from different domains. Any non-data content such as SWFs, bitmaps, audio, and video can be loaded and played or displayed within the Flash player without restriction. Obtaining access to data from that content such as ActionScript variables and methods, pixel information (from BitmapData.draw()), or sound information (from Sound.computeSpectrum()) or loading data stored in text or XML files is restricted.

For ActionScript cross-scripting, the allowDomain() (AS2, AS3) command is used to allow one SWF from another domain access ActionScript properties and methods within the current SWF.

Related documentation:

Loading data across domains [tn_16520]
System.security.allowDomain() in ActionScript 2
Security.allowDomain() in ActionScript 3

For non-SWF content, a cross-domain policy file is used. For bitmaps, audio, and video content, the cross-domain policy file is only needed to access the content's data via ActionScript. These files will otherwise be able to load into the Flash player without problems. For XML and other text files which are considered to be entirely data, the cross-domain policy file is required to load the file.

 

Related documentation:

External data not accessible outside an Adobe Flash movie's domain [tn_14213]
Accessing loaded media as data (ActionScript 3.0)

Additional Information

For a more complete description of the Flash Player 9 security model, read the Flash Player 9 security white paper. Additional information regarding security can be found by visiting the Flash Player security and privacy page.

Changes made to Flash player security by release can be found here: