Over the course of this chapter we've studied a variety of
security restrictions and permissions systems. Let's finish our study
of Flash Player security by looking at two security scenarios that
commonly occur in the typical ActionScript development process:
accessing Internet subdomains and accessing the
Loader class's instance variable
content. Each scenario presents a limitation
and the corresponding workaround for that limitation.
Earlier in Table 19-3, we learned that a remote .swf can load data from its remote region of origin only. In the section "The Local Realm, the Remote Realm, and Remote Regions," we also learned that two different Internet subdomains, such as www.example.com and games.example.com are considered different remote regions. Hence, a .swf loaded from http://example.com can load any datafile posted at http://example.com, but cannot load datafiles posted on any other domain, including subdomains such as games.example.com. Perhaps surprisingly, this means that a .swf file loaded from http://example.com cannot use an absolute URL to access a file posted on www.example.com. To grant a .swf file loaded from example.com permission to load assets from www.example.com, use a policy file, as described in the earlier section "Distributor Permissions (Policy Files)."