Flash Security Sandbox

Cosine Function

I borrowed a Flex and AS3 programming book from the school library a few months ago. I read books very quickly, because I only read the knowledge that attracted me, in Flex, I usually don't look at the design part. I know most about it, althoughI am still interested in design.. I have to take a note of this book on the subway and go through it in the bar, so that I don't know how to read it systematically after a year. Well, since my note involves Flex, let's talk about the two most important files of Flex: The MXML file and the AS file.

How to compile MXML and AS hello world does not need to be mentioned (there are some differences between Flex and Flash, etc ):

<? Xml version = "1.0" encoding = "UTF-8"?>
<Mx: Application xmlns: mx ="Http://www.adobe.com/2006/mxml">
<Mx: Script>
<! [CDATA [
Import mx. controls. Alert;
Alert. show ("hello world ");
]>
</Mx: Script>
</Mx: Application>

The MXML file is actually an XML file, which can be <mx: Script> </mx: script> This label is embedded with the AS script (just like writing js in the <script> </Script> label of an HTML file ). In addition to using import to dynamically import the Flex and Flash modules (which can be understood as an as file), you can also use the following two methods to import the as file:

<Mx: Script source = "hello. as"/>

And

<Mx: Script>
<! [CDATA [
Include "hello. ";
]>
</Mx: Script>

The purpose of this statement is that in the browser client application, what scripts besides JS are worth noting? That's the AS. It's also an important logical control part! On the interface display, MXML and HTML are similar at this time (look at the above, look at the above, compare yourself ):). Isn't RIA hot? Flex is an application dedicated to RIA. To expand the battlefield, Adobe launched the AIR environment. At this time, programs written using Flex can be well transplanted in browsers and desktop environments. Something strange like Flex and Flash, the battlefield is not only in the browser, but also in the desktop environment. An important security model was proposed: Flash Security Sandbox. Without such a security policy, I am afraid the world will not be peaceful. Of course, in the early stage, the world itself will not be peaceful (when I was in touch with Flash, it was still in versions 5.0 and 6.0, that was years, when I first went to college ......). These strategies have been gradually improved over the years.

In fact, the Flash Security Sandbox is included in Flex, because it is essentially Flash and all runs in the Flash Player container. Flex only separates programmers from designers.

Enter the topic --..

Because the notes are not detailed, and these notes come from books and materials I have read (this seems nonsense ).

Security Sandbox includes remote sandbox and local sandbox. In fact, this sandbox model is similar to the same-source policy in the browser. Resources in the same domain are placed under a security group, which is called a security sandbox.

Before getting a deeper understanding of the sandbox, You need to clarify the permission control of Flash Player (I should still divide it according to the terms in the Chinese official documentation on Flash CS3 ):

1. manage user control:

This refers to the highest-privilege user of the system, the Administrator under win, and the root under linux. There are two types of control:

A) mms. cfg file: data loading, privacy control, Flash Player Update, support for old files, local file security, full screen mode, etc.
B) "Global Flash Player Trust" Directory: when some SWF files are specified to this trusted directory, these SWF files will be allocated to the trusted local sandbox. They can interact with any other SWF file, or load data from any location (remotely or locally. The default path of the trusted directory is C: windowssystem32macromedflashplayertrust.

2. User Control:

Compared with the 1st types, users here refer to common users. There are three types of controls:

A) camera and microphone settings: Remember html "target = _ blank>The Flash DEMO of ClickJacking?
B) Shared Object Storage settings: that is the SharedObject.
C) compared with the "Global Flash Player Trust" directory, the user permission also has a "User Flash Player Trust" directory. Default path: C: Documents and SettingsJohnDApplication DataMacromediaFlash Player # SecurityFlashPlayerTrust.

3. Website control (cross-origin policy file ):

It is a well-known crossdomain. xml file. The current security policy is that the file can only be stored in the root directory of the site. The file format is as follows:

<? Xml version = "1.0"?>
<Cross-domain-policy>
<Allow-access-from domain = "*"/>
</Cross-domain-policy>

Take a look at the example:Http://fanfou.com/crossdomain.xml. The configuration of this file allows cross-domain access to the content in this domain.

4. Author (developer) control:

Developers can specify the security control permissions allowed by encoding (in the AS script), such:

Security. allowDomain ("Www. xeye. us");

Of course, wildcard * is supported.This wildcard is really a foolTo avoid unnecessary addition.Security risks.

Well, after the permission control of Flash Player is clear, you can now look at the security sandbox.

1. Remote sandbox:

This remote sandbox controls the security policies in the browser environment on the remote domain, suchHttp://xeye.us/Flash files in the domain cannot be directly connected toHttp://hi.baidu.com/ycosxhackFlash file interaction on the domain. All files in the same domain (strict domain) belong to one sandbox. Objects in the sandbox can be returned to each other. If the objects in the sandbox need to interact with each other, the "Web site control (Cross-Domain Policy file)" and "author (developer) control" described above depend on permission control.

2. Local Sandbox:

There is no way to create a local sandbox. Flash and Flex files can be run in our desktop environment. It is absolutely dangerous if there is no good security policy to limit the AS scripts with weak functions.

It has three types:

A) Local Sandbox that can only interact with the content of the local file system: as the name suggests, the Flash file cannot communicate with objects on the network during local running, instead, it can only interact with local objects.
B) local sandbox that can only interact with remote content: as the name suggests, when a Flash file needs to interact with a remote domain object, it must pass the policy file or Security in the remote domain. use allowDomain encoding to set access policies (same as remote sandbox ). In this case, you cannot access local files.
C) trusted local sandbox: Perfect. In the permission Control described above, management users and common users have the permission to control the trusted directory of Flash Player, as long as we put our SWF file in a trusted directory for running, then this Flash file can communicate with the local and remote domains :).

Of course, the above sandbox types can be determined by encoding the type of sandbox to which the currently running Flash files are allocated. Or through the Security class: Security. sandboxType, value:

Security. REMOTE (REMOTE sandbox)
Security. LOCAL_WITH_FILE (a local sandbox that can only interact with the content of the local file system)
Security. LOCAL_WITH_NETWORK (local sandbox that can only interact with remote content)
Security. LOCAL_TRUSTED (trusted local sandbox)

Well, the Flash Security Sandbox is just these notes. To write this, you have to mention some other Flash security problems. Most of these security issues are centered on the security sandbox.

In the HTML file generated when Flash is released, the attributes of the <object> and <embed> labels must be clear.

AllowNetworking:

This parameter controls the network access function of Flash files. Three values are available: all (all network APIs are available) and internal (except APIs that do not allow browser navigation and browser interaction) none (So network APIs are unavailable ).

AllowScriptAccess:

This is the security control for communication between AS and JS. RememberRole of ExternalInterface. There are three values: never (the call method of ExternalInterface cannot communicate with the JS script of HTML) and sameDomain (in the same domain, This is the default value) and always (this allows all domains, which is dangerous ).

AllowFullScreen:

Security issues in full screen mode. This is a boolean value. The default value is false. Full Screen Flash is not allowed. Does full screen bring security issues like user interface spoofing? I am not very clear.

The above three attributes have to be differentiated. Security problems