Security Features Added Since Flash Player 7


Back with version 7 of the Flash Player, Macromedia introduced new features that improve security, including those discussed in the following sections.

Cross-Domain Policy File

If you are planning to load data from a domain (such as www.macromedia.com) or subdomain (such as store.macromedia.com) other than the one in which your Flash .swf file resides, you need to set up a cross-domain policy file. Without it, the Flash Player pops up a warning box from the browser asking users whether they want to download data from a second domain.

Domains must be an exact match. For example, if you have a Flash .swf file on the www.mydomain.com domain, data on the data.mydomain.com subdomain is seen as belonging to a different domain and requires a cross-domain policy file.

A cross-domain policy file is a small XML-structured file on the domain server root. It contains a list of domains that are allowed to access files on that server. This tightens up the security of Flash and offers some protection to end users, because only files from domains listed in the policy file can be loaded into the host .swf without triggering an alert box. The file must be named crossdomain.xml and saved in the document root directory of the server from which your movie is accessing a file, as shown in the following example:

<cross-domain-policy>
    <allow-access-from domain="www.domain_to_allow_here.com" />
</cross-domain-policy>


You can list more than one domain. You can also use * as a wildcard to permit all subdomains of a domain in one line.

<cross-domain-policy>
    <allow-access-from domain="www.mydomain.com" />
    <allow-access-from domain="*.anotherdomain.com" />
</cross-domain-policy>


With the cross-domain policy file, you can control from which domains external content can be loaded into your projects. The Flash Player automatically looks for this file in the domain server root of the file to be loaded. The next section discusses situations when you may need to tell Flash to look for a policy file in a specific location.
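The following Python sketch is an added example, not code from the book or from Macromedia. It parses a policy like the ones above, applies the exact-match and wildcard rules to a requesting host, and flags broad entries for review. The function names are hypothetical, the sample policy is constructed, and the handling of a bare * entry and of a wildcard against the bare domain are assumptions noted in the comments.

```python
import xml.etree.ElementTree as ET

# Constructed sample policy, modelled on the examples above.
SAMPLE_POLICY = """<cross-domain-policy>
    <allow-access-from domain="www.mydomain.com" />
    <allow-access-from domain="*.anotherdomain.com" />
</cross-domain-policy>"""


def allowed_patterns(policy_xml):
    """Return the domain patterns listed in a crossdomain.xml document."""
    root = ET.fromstring(policy_xml)
    if root.tag != "cross-domain-policy":
        raise ValueError("not a cross-domain policy file")
    return [el.get("domain", "").strip().lower()
            for el in root.iter("allow-access-from")]


def pattern_matches(pattern, host):
    """Exact match, or '*.example.com' matching any subdomain of example.com."""
    host = host.lower().rstrip(".")
    if pattern == "*":  # assumption: a bare wildcard admits every domain
        return True
    if pattern.startswith("*."):
        # Assumption: the wildcard covers subdomains only, not the bare domain.
        suffix = pattern[1:]  # ".example.com"
        return host.endswith(suffix) and len(host) > len(suffix)
    return host == pattern  # otherwise domains must be an exact match


def is_allowed(policy_xml, swf_host):
    """True if a .swf served from swf_host may load data under this policy."""
    return any(pattern_matches(p, swf_host)
               for p in allowed_patterns(policy_xml))


def audit(policy_xml):
    """Flag entries that grant more access than a single named host would."""
    findings = []
    for p in allowed_patterns(policy_xml):
        if p == "*":
            findings.append((p, "any domain may load data from this server"))
        elif p.startswith("*."):
            findings.append((p, "every subdomain is trusted; list hosts if possible"))
        elif not p:
            findings.append((p, "empty domain attribute"))
    return findings
```
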

System.security.loadPolicyFile()

You need to use System.security.loadPolicyFile() to tell Flash where to look for your policy file in the following situations:

  • The server in question serves through a port other than a standard port.

  • You want to store your policy file in a location other than the root directory.

  • You want to name the policy file something other than crossdomain.xml.

In the following example, the policy file is named myPolicy.xml and is located in the flash directory.

System.security.loadPolicyFile("http://www.mysite.com/flash/myPolicy.xml");


This code loads the list of allowed domains from the policy file at the specified location.

For more information on the security enhancements, see the Macromedia Developer Center article, "Security Changes in Macromedia Flash Player 7," which can be found online at http://www.macromedia.com/devnet/mx/flash/articles/fplayer_security.html. For information on the security enhancements introduced in Flash 8, see the article "Security Changes in Flash Player 8," which can be found at http://www.macromedia.com/devnet/flash/articles/fplayer8_security.html.



Special Edition Using Macromedia Studio 8
ISBN: 0789733854
EAN: 2147483647
Year: 2003
Pages: 337
