About publishing secure Flash documents
Flash Player 8 contains several features that help you ensure the security of your Flash
documents. The security features are:
■ Buffer overrun protection
■ Exact domain matching for sharing data between documents
■ Local and network playback security
About buffer overrun protection
Buffer overrun protection prevents the intentional misuse of external files in a Flash
document to overwrite a user’s memory or insert destructive code such as a virus. This
prevents a Flash document from reading or writing data outside the document’s designated
memory space on a user’s system. Buffer overrun protection is enabled automatically.
About exact domain matching for sharing data between Flash documents
Flash Player 7 and later enforces a stricter security model than earlier versions of Flash Player.
There were two primary changes in the security model between Flash Player 6 and Flash
Player 7:
Exact domain matching: Flash Player 6 lets SWF files from similar domains (for example,
www.macromedia.com and store.macromedia.com) communicate freely with each other
and with other documents. In Flash Player 7, the domain of the data to be accessed must
match the data provider’s domain exactly for the domains to communicate.
HTTPS/HTTP restriction: A SWF file that loads using nonsecure (non-HTTPS) protocols
cannot access content loaded using a secure (HTTPS) protocol, even when both protocols are
in exactly the same domain.
For more information about ensuring that Flash content performs as expected with the new
security model, see Chapter 17, “Understanding Security” in Learning ActionScript 2.0 in
Flash.
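The two rule changes above, modeled as an added example (not Macromedia code or the Flash Player implementation) that lists which accesses stop working after an upgrade from Flash Player 6 to Flash Player 7. The function names, the sample URLs, and the definition of "similar domain" as a shared last two host labels are assumptions made for illustration.

```javascript
// Added example, not Macromedia code. The Flash Player 6 "similar domain"
// test is an ASSUMPTION: two hosts are similar when their last two labels match.
function similarDomain(hostA, hostB) {
  const tail = (h) => h.split(".").slice(-2).join(".");
  return tail(hostA) === tail(hostB);
}

// accessorUrl: where the requesting SWF was loaded from.
// providerUrl: where the data or SWF being accessed was loaded from.
function mayAccess(accessorUrl, providerUrl, playerVersion) {
  const a = new URL(accessorUrl);
  const p = new URL(providerUrl);
  if (playerVersion <= 6) {
    // Flash Player 6: similar domains communicate freely, protocol ignored.
    return similarDomain(a.hostname, p.hostname)
      ? { allowed: true, reason: "similar domain" }
      : { allowed: false, reason: "unrelated domain" };
  }
  // Flash Player 7: the domains must match exactly.
  if (a.hostname !== p.hostname) {
    return { allowed: false, reason: "domains do not match exactly" };
  }
  // Flash Player 7: a non-HTTPS SWF cannot reach HTTPS content.
  if (a.protocol !== "https:" && p.protocol === "https:") {
    return { allowed: false, reason: "non-HTTPS accessor, HTTPS content" };
  }
  return { allowed: true, reason: "exact domain match" };
}

// Constructed sample pairs: [accessor SWF URL, accessed content URL].
const SAMPLE_PAIRS = [
  ["http://www.macromedia.com/menu.swf", "http://store.macromedia.com/cart.swf"],
  ["http://www.macromedia.com/menu.swf", "https://www.macromedia.com/account.swf"],
  ["https://www.macromedia.com/account.swf", "http://www.macromedia.com/menu.swf"],
  ["http://www.macromedia.com/menu.swf", "http://www.macromedia.com/data.xml"],
];

// Pairs that worked under Flash Player 6 but are refused by Flash Player 7.
function brokenByUpgrade(pairs) {
  return pairs
    .filter(([a, p]) => mayAccess(a, p, 6).allowed && !mayAccess(a, p, 7).allowed)
    .map(([a, p]) => ({ accessor: a, provider: p, reason: mayAccess(a, p, 7).reason }));
}

console.log(brokenByUpgrade(SAMPLE_PAIRS));
```

The HTTPS/HTTP restriction is one-directional in this model, as in the text: the third sample pair (HTTPS SWF accessing HTTP content in the same domain) stays allowed.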