To protect data from being transferred to unauthorized destinations without appropriate permission, Flash Player scrutinizes all requests to load or access external resources, or interact with other .swf files or HTML files. Each request a .swf file makes for an external resource (a resource not compiled into the .swf file making the request) is rejected or approved based on the following factors:
The ActionScript operation used to access the resource
The security status of the .swf file performing the request
The location of the resource
The explicit access-permissions set for the resource as determined by either the resource's creator or distributor
The explicit access-permissions granted by the user (e.g., permission to connect to the user's camera or microphone)
The type of Flash Player running the .swf file (e.g., plug-in version, standalone version, Flash authoring tool test version)
In the preceding list, and throughout this chapter, the following terms have the following meanings:
The party that delivers a given resource. Typically a server operator such as a web site administrator or socket server administrator.
The party that actually authors the resource. For .swf files, the resource creator is the ActionScript developer that compiles the .swf.
The user of the computer on which Flash Player is running.
This chapter explains Flash Player security restrictions in general terms, and then explores ...