O'Reilly logo

Essential ActionScript 3.0 by Colin Moock

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Two Common Security-Related Development Issues

Over the course of this chapter we've studied a variety of security restrictions and permissions systems. Let's finish our study of Flash Player security by looking at two security scenarios that commonly occur in the typical ActionScript development process: accessing Internet subdomains and accessing the Loader class's instance variable content. Each scenario presents a limitation and the corresponding workaround for that limitation.

Accessing Internet Subdomains

Earlier in Table 19-3, we learned that a remote .swf can load data from its remote region of origin only. In the section "The Local Realm, the Remote Realm, and Remote Regions," we also learned that two different Internet subdomains, such as www.example.com and games.example.com are considered different remote regions. Hence, a .swf loaded from http://example.com can load any datafile posted at http://example.com, but cannot load datafiles posted on any other domain, including subdomains such as games.example.com. Perhaps surprisingly, this means that a .swf file loaded from http://example.com cannot use an absolute URL to access a file posted on www.example.com. To grant a .swf file loaded from example.com permission to load assets from www.example.com, use a policy file, as described in the earlier section "Distributor Permissions (Policy Files)."

The following steps describe how the owner of example.com would supply a policy file allowing .swf files accessed via example.com ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required