About local file security and Flash Player
Flash Player 8 enhances the security model: by default, Flash applications and SWF files on
a local computer are not allowed to communicate with both the Internet and the local file
system. A local SWF file is a SWF file that is installed locally on a user’s computer rather than
served from a website; the term does not include projector (EXE) files.
When you create a FLA file, you can indicate whether a SWF file is allowed to communicate
with a network or with a local file system. In previous versions of Flash Player, local SWF files
could interact with other SWF files and load data from any remote or local location. In Flash
Player 8, a local SWF file cannot make connections to both the local file system and the
Internet. This is a safety change: it prevents a SWF file from reading files on your hard disk
and then sending the contents of those files across the Internet.
This security restriction affects all locally deployed content, whether it is legacy content (a
FLA file created in an earlier version of Flash) or created in Flash 8. Suppose you deploy a
Flash application, using Flash MX 2004 or earlier, that runs locally and also accesses the
Internet. In Flash Player 8, this application now prompts the user for permission to
communicate with the Internet.
When you test a file on your hard disk, a series of steps determines whether the file
is a local trusted document or a potentially untrusted document. If you create the file in the
Flash authoring environment (for example, when you select Control > Test Movie), your file
is trusted because it is in a test environment.
In Flash Player 7 and earlier, local SWF files had permissions to read from both a local file
system and the network (such as the Internet). In Flash Player 8, local SWF files can have the
following levels of permission:
Access the local file system only (default): A local SWF file can read from the local file
system and universal naming convention (UNC) network paths but cannot communicate
with the Internet. For more information on local file access SWF files, see “Access local files
only (default)” on page 686.
Access the network only: A local SWF file can access the network (such as the Internet)
but not the local file system where it is installed. For more information on network-only SWF
files, see “Access network only” on page 687.
NOTE
The restrictions that are discussed in this section do not affect SWF files that are on the
Internet.
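
The permission levels above can be modeled as a small policy check. The following Python sketch is an added example, not code from this documentation or from Flash Player; it tests, for each model, whether a local SWF file could both read a local file and reach the Internet, which is the combination the Flash Player 8 change removes. The level names, the http/https test for Internet targets, and the sample paths and URL are assumptions constructed for illustration.

```python
# Added model of the local SWF permission levels described in this section.
# Level names, sample paths and the sample URL are constructed for illustration.
from urllib.parse import urlparse

LOCAL, INTERNET = "local", "internet"

# What a locally deployed SWF file may reach under each model on this page.
LEVELS = {
    "fp7_legacy": {LOCAL, INTERNET},  # Flash Player 7 and earlier: both
    "local_file_only": {LOCAL},       # Flash Player 8 default
    "network_only": {INTERNET},       # Flash Player 8 alternative level
}

def classify(target: str) -> str:
    """Classify a load target as local (disk or UNC path) or Internet."""
    if target.startswith("\\\\"):     # UNC path, e.g. \\server\share\file
        return LOCAL                  # the page groups UNC paths with local access
    scheme = urlparse(target).scheme.lower()
    if scheme in ("http", "https"):   # assumption: these stand for "the Internet"
        return INTERNET
    return LOCAL                      # file: URLs, drive-letter and relative paths

def allowed(level: str, target: str) -> bool:
    """True if a local SWF file at this level may access the target."""
    return classify(target) in LEVELS[level]

def can_exfiltrate(level: str, sources, sinks) -> bool:
    """True if the level can read some local source AND reach some Internet sink."""
    reads = any(classify(s) == LOCAL and allowed(level, s) for s in sources)
    sends = any(classify(d) == INTERNET and allowed(level, d) for d in sinks)
    return reads and sends

# Constructed sample targets.
SOURCES = ["C:\\Documents\\notes.txt",
           "\\\\fileserver\\share\\report.xml",
           "file:///C:/data/config.xml"]
SINKS = ["http://www.example.com/upload"]

def audit():
    """Map each level to whether read-then-send is possible under it."""
    return {level: can_exfiltrate(level, SOURCES, SINKS) for level in LEVELS}

if __name__ == "__main__":
    for level, risky in audit().items():
        print(f"{level:16} read-then-send possible: {risky}")
```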