In an effort to ehance security, the Macromedia Flash Player 6 has
implemented a Security Sandbox. This sandbox provides a restricted area
that 'surrounds' a web site and restricts access to private data. There
are some important security items to be aware of:
For security
reasons, a Macromedia Flash movie is not permitted to access
ActionScript objects and variables in another Macromedia Flash movie
loaded from a different Internet domain. This restriction includes
functions, movie clips, text fields, and variables. Attempts to
access cross-domain data will be ignored by the Macromedia Flash
Player.
Example
1: http://www.macromedia.com/Movie1.swf loads
http://www.macromedia.com/Movie2.swf into _level2.
Because the two movies reside in the same domain
(www.macromedia.com), they are permitted to access each
other's data via ActionScript.
Example 2: http://www.macromedia.com/Movie1.swf now
loads http://www.shockwave.com/Movie3.swf into
_level3.
Because the
two movies reside in different domains, they are NOT permitted
to access each other's data. When Movie1.swf tries to access
_level3.someVariable, the request will be rejected and
"undefined" will be
returned.
Under
the Securirty Sandbox, two domains are considered compatible if they
are subdomains of the same top-level domain (i.e., server1.mydomain.com is compatible with serverXYZ.mydomain.com).
Macromedia Flash Security Sandbox behavior is applied to
Macromedia Flash 6 SWF files only. Macromedia Flash 4 and Macromedia
Flash 5 SWF files will continue to function as before. For instance,
a Macromedia Flash 5 SWF file is able to access variables in another
Macromedia Flash 5 SWF file loaded from a different domain.
A Flash
6 SWF file, on the other hand, may not access variables in another
Flash 6 SWF file loaded from a different domain.
Additionally, a Flash 4 or Flash 5 SWF file may not access
variables in a Flash 6 SWF file loaded from a different
domain
Additional
Information The security features
documented in this TechNote were added to the Macromedia Flash Player at
the request of developers. These enhanced security features were added to
address potential issues with data transfer to and from Flash movies based
upon consultation with industry experts.
For more
information on Macromeida Flash Player's Security Sandbox, refer to the FlashMX
Security Whitepaper.
To see the
ActionScript Dictionary entry for System.security.allowDomain (the mechanism that
permits cross-domain access between SWF files,) refer to the most recent
Macromedia Flash MX Documentation. Download the latest updated
documentation from Macromedia
Flash MX Documentation Update (TechNote 16470).