To give the information we've studied so far a practical context, let's look at a few examples where Flash Player's security system prevents data from being retrieved by an unauthorized party. Each scenario presents the technique a hacker would use to access data if there were no Flash Player security and then describes how Flash Player's security system prevents the hacker from accessing the target data.
Joe Hacker wants to perform an identity theft on Dave User. Joe knows that Dave reports his taxes using ABCTax software on Microsoft Windows. Joe does a little research, and finds that ABCTax keeps each year's tax return information in an XML file stored in the following location: c:\ABCTax\taxreturn.xml. If Joe can get that file, he can use the information it contains to open a bank account and apply for credit cards in Dave's name. So Joe sends Dave an email with a harmless looking animation, cartoon.swf, as an attachment. Dave opens the email and watches the cartoon in a web browser on his local machine. Without Dave's knowledge, cartoon.swf secretly uses URLLoader.load( ) to retrieve taxreturn.xml from the local filesystem. Then, cartoon.swf uses flash.net.sendToURL( ) to upload taxreturn.xml to Joe's web site.
Joe gets a credit card in Dave's name and buys a Nintendo Wii with lots of great games.
As before, Joe sends Dave an email with a harmless looking ...