We've just learned that distributor permissions are used to authorize accessing-content-as-data, loading-data, and socket-connection operations. Distributor permissions are so named because they must be put in place by the distributor of the resource to which they grant access.
By contrast, creator permissions are permissions put in place by the creator of a .swf file rather than its distributor. Creator permissions are more limited than distributor permissions; they affect cross-scripting and HTML-to-SWF scripting operations only.
This book does not cover HTML-to-SWF-scripting operations. For details on security and HTML-to-SWF scripting, see the entries for the Security class's static methods allowDomain( ) and allowInsecureDomain( ) in Adobe's ActionScript Language Reference.
Unlike distributor permissions, which are served independently of the content to which they grant access, creator permissions are issued from within .swf files. By calling Security.allowDomain( ) in a .swf file, a developer can grant .swf files from foreign origins permission to cross-script that .swf file. For example, if app.swf includes the following line of code:
then any .swf file loaded from site-b.com can cross-script app.swf. Furthermore, because the call to allowDomain( ) occurs within a .swf file, the permissions granted are effective no matter where that .swf file is posted.
In contrast to distributor permissions, creator ...