Security is a key concern of Adobe, users, website owners, and content developers. For this reason, Adobe®Flash™ Player 9 includes a set of security rules and controls to safeguard the user, website owner, and content developer. This chapter discusses how to work with the Flash Player security model when you are developing applications. In this chapter, all SWF files discussed are assumed to be published with ActionScript™ 3.0 (and thus running in Flash Player 9 or later), unless otherwise noted. For information about Adobe AIR security issues, see AIR Security in Developing Adobe AIR Applications with Flash CS3 Professional or Developing AIR Applications with Adobe Flex 3

This chapter is intended as an overview of security; it does not try to comprehensively explain all implementation details, usage scenarios, or ramifications for using certain APIs. For a more detailed discussion of Flash Player Security concepts, see the Flash Player 9 Security white paper, at www.adobe.com/go/fp9_0_security.

Contents

• Flash Player security overview
• Overview of permission controls
• Security sandboxes
• Restricting networking APIs
• Full-screen mode security
• Loading content
• Cross-scripting
• Accessing loaded media as data
• Loading data
• Loading embedded content from SWF files imported into a security domain
• Working with legacy content
• Setting LocalConnection permissions
• Controlling access to scripts in a host web page
• Shared objects
• Camera, microphone, clipboard, mouse, and keyboard access