ADOBE FLEX 3
Other forms of loaded data include text or XML files, which are loaded with a URLLoader object. Again in this case,
to access any data from another security sandbox, permission must be granted by means of a cross-domain policy
file at the origin domain. For details, see “Using URLLoader and URLStream” on page 555.
Overview of permission controls
The Flash Player client run-time security model has been designed around resources, which are objects such as SWF
files, local data, and Internet URLs. Stakeholders are the parties who own or use those resources. Stakeholders can
exercise controls (security settings) over their own resources, and each resource has four stakeholders. Flash Player
strictly enforces a hierarchy of authority for these controls, as the following illustration shows:
Hierarchy of security controls
This means, for instance, that if an administrator restricts access to a resource, no other stakeholders can override
Administrator, user, and website controls are detailed in the following sections. Author (developer) settings are
described in the rest of this chapter.
Administrative user controls
An administrative user of a computer (a user who has logged in with administrative rights) can apply Flash Player
security settings that affect all users of the computer. In a nonenterprise environment, such as on a home computer,
there is usually one user who also has administrative access. Even in an enterprise environment, individual users may
have administrative rights to the computer.
There are two types of administrative user controls:
• The mms.cfg file
• The Global Flash Player Trust directory
The mms.cfg file
On Mac OS X systems, the mms.cfg file is located at /Library/Application Support/Macromedia/mms.cfg. On
Microsoft Windows systems, the file is located in the Macromedia Flash Player folder in the system directory (for
example, C:\windows\system32\macromed\flash\mms.cfg on a default Windows XP or Windows Vista instal-
When Flash Player starts, it reads its security settings from this file, and uses them to limit functionality.