This section describes various local sandboxes for SwF placement.Permission
Flash Player defines the following permission types for local files:
Read locally.This permission applies to local SWF for the file system, but not to local SWF for the network. It includes loading data from an external file to an ActionScript variable. The data here comes from a file located in the local file system. An example of local URL format is given in the previous section "What is affected. The affected data loading operations are as follows:
Network transmission.This permission applies to local SWF for the network, but not to local SWF for the local file system. This permission includes sending data or requests to an Internet location or an HTTP server. This includes the following operations used with non-local urls:
Network read.The local SWF used by the network can be used to send packets over the network. Some network sending operations are one-way operations, and only send data without returning a reply. However, other network sending operations can receive a reply request. The latter operation is calledNetwork readOperation: the superset of the network sending operation. Although you need to obtain permissions from the original data domain, the local SWF for the network will still try to read the network. The following operations use a non-local URL:
SWF-HTML.This includes operations that allow SWF files to process HTML file scripts, and vice versa. Because security patterns between Flash Player and Web browsers may not match, in the three local sandboxes, only trusted local files have SWF-HTML permissions. These operations include:
Operations from SwF to HTML:
Operations from HTML to SwF:
Call the callback created using externalinterface. addcallback
If this sandbox containsUsenetwork, Then the local SWF will be placed in the sandbox. Although the tag only makes sense for Flash Player 8 and later versions, it can still be placed in any version of SWF. This tag can be created in either of the following ways:
When publishing from flash 8, in the "Release Settings" dialog box, select the flash tab and find the "local playback Security" option at the bottom, select "only access network" (see figure 1 ).
Figure 1.Set local playback security for network access only
Note: The usenetwork tag does not affect the SWF loaded over HTTP (these tags are always placed in the remote sandbox) or place the SWF in the Local Sandbox trusted by the user (they are always placed in the trusted local sandbox ). The usenetwork tag only affects the SWF that is placed in the local sandbox for file systems in other ways.Configure the file to a trusted local sandbox
If a local SWF (or HTML file) is placed in the local configuration of the user and specified as a trusted local path, the local SWF (or HTML file) will be placed in this sandbox. If the path or directory to a separate file is trustable, all the files in each selected directory and any of its subdirectories are trustable. Trust assignment can be completed in two ways:
Set the manager.You can access the security panel of the settings manager and manually add, edit, or delete trusted paths in the list (see figure 2 ).
Figure 2.Security Settings in Flash Player settings Manager
You may also use the "Ask/allow/deny" option in the Panel to make how Flash Player processes the old SWF (SwF for local file systems in versions 7 and earlier) global decision. The default value here is "Ask". In addition to displaying the warning dialog box, it will discard any operation that has been disabled. If "Always allow" is selected, operations that are prohibited are allowed to continue. Therefore, the default action of Flash Player 7 is returned. However, this setting does not affect SWF of version 8 or later. It only affects the content that has been developed before newer local rules are generated. Selecting "always deny" will cause all operations that have been disabled to fail and the dialog box is not displayed.
Note:The query/allow/deny option not only manages the local security prompt situation, but also manages the precise domain match prompts that have occurred since Flash Player 7.
Flashplayertrust configuration file.These are simple text files that list trusted paths. These files are created in executable installation steps. When the installer installs SWF on your computer, it can install a trusted configuration file and specify that SWF is trusted. When this practice does not show that the user explicitly decides each trusted SWF, the user has been implicitly given trust by running the installer, after all, it is an executable program. Flash Player can identify the trust configuration files in the following two locations: the locations that affect all users on the computer and the locations that only affect the current user. All user locations require management permissions at the operating system level. These locations are as follows:
All Windows users:
<System › \ macromed \ Flash \ flashplayertrust
(For exampleC: \ winnt \ system32 \ macromed \ Flash \ flashplayertrust)
Single Windows User:
<Application Data › \ Macromedia \ Flash Player \ # security \ flashplayertrust
(For exampleC: \ Documents and Settings \ Fred \ Application Data \ Macromedia \ Flash Player \ # security \ flashplayertrust)
All Mac OS users:
<Application support ›/Macromedia/flashplayertrust
(For example/Library/Application Support/Macromedia/flashplayertrust)
Single Mac OS User:
<Application Data ›/Macromedia/Flash Player/# Security/flashplayertrust
(For example/Users/Fred/library/preferences/Macromedia/Flash Player/# Security/flashplayertrust)
These locations are directories, not a single file. You can install any number of configuration files in these directories. Flash Player reads all the files found. The configuration file cannot be placed in the subdirectory of flashplayertrust; it must be directly placed in the directory of flashplayertrust. Independent configuration files can be named at will. To avoid naming conflicts, the installer should name these configuration files in a product-specific manner. The flashplayertrust directory does not necessarily exist in any given system, so the installer needs to create them.
The syntax of these files is simple: they contain any number of local paths, one in each line. Spaces and empty rows are allowed. It can contain comments with # characters. These comments are located at the end of a line. No quotation marks are required for paths that contain spaces (otherwise, the problem may occur ).
These files contain File System paths, which may contain non-ASCII characters on some users' computers. Therefore, the text encoding used in the flashplayertrust file is very important. Flash Player looks for Unicode byte order markup characters at the beginning of these files, recognizes UTF-8 and UTF-16 byte order markup, and correspondingly treats the rest of the files as UTF-8 or UTF-16. (For example, Windows notepad and Mac textedit can be used to write Unicode text files containing these byte-ordered markup characters. Many other text editors can also .) If Flash Player does not find the byte-ordered markup character at the beginning of the flashplayertrust file, it will use the current "code page" of the Computer (local encoding by default) to interpret the file.HTML sandbox
SWF determines its sandbox type by using the following read-only ActionScript properties:System. Security. sandboxtype
This property has one of the following four string values:
SWF in the sandbox for use by the local file system can perform local read operations, but does not perform network send or SWF-HTML operations.
If you use the debug version of Flash Player and connect it to the debugger In Macromedia Flash, when SWF in the sandbox tries an operation that has been disabled, you will see the diagnostic information on the output panel that describes the failed operation.
A security warning dialog box is displayed when a user plays a SwF with a published version of 7 or earlier in this sandbox and tries an operation that has been disabled, indicates that the content may have been suspended as scheduled due to changes to the local security rules of Flash Player 8 (see figure 3 ).
Figure 3.Security dialog box that reminds users of stopped operations
This dialog box appears at most once each time you run the program. Subsequent operations will not trigger it, but will fail without any prompts.
No matter what operations the user takes in the dialog box, the Operation will fail. However, if you click the "set" button, a new window showing the settings manager is opened. Here, you can trust the local content that has been disabled. If you select the "add location" command in "Settings manager" and view "Flash Player settings manager" in Figure 2 in a short time ", the prompt that the local SWF path has been disabled is displayed (see figure 4 ).
Figure 4.Use the "tip" prompt to specify a trusted location
You can choose to copy the path to the "trust this location" text box to trust a single SWF that can trigger this dialog box. Sometimes this is enough. However, sometimes an application is composed of multiple files and it is necessary to trust multiple files to make the application run as scheduled. (For details, see the following section about media collaboration .) Therefore, you must test to trust multiple files or include the complete directory of SwF that can trigger this dialog box.
If you make changes in the "Settings manager", you must restart the original application (usually by refreshing the browser) before the changes take effect ).
The preceding workflow is explained to the end user in the security panel document of the Setup Manager. To obtain step-by-step instructions on trusting local content, you can also access the Technical Instructions: how to make the local Flash content communicate with the Internet? *.Flashauthor. cfg
For end users, the local security warning dialog box only displays SWF versions 7 and earlier. This dialog box allows you to fix content earlier than Flash 8 affected by the new local security rule.
However, for the author of the Flash content, the security warning dialog box may be a useful indicator of the cause of failure. The author wishes to be notified immediately when any version of SwF attempts to be prohibited by local security rules.
To support this requirement, a variety of Macromedia creation tools (including Macromedia Flash 8) have been installed named flashauthor. the cfg file, indicating that Flash Player displays a warning dialog box when any SWF (regardless of any version) used by the local file system performs a forbidden operation. And any user can create this file freely. You can place the file in either of the following two locations, each of which is at the same level as the flashplayertrust directory:
All Windows users:
<System › \ macromed \ Flash \ flashauthor. cfg
(For exampleC: \ winnt \ system32 \ macromed \ Flash \ flashauthor. cfg)
Single Windows User:
<Application Data › \ Macromedia \ Flash Player \ # security \ flashauthor. cfg
(For exampleC: \ Documents and Settings \ Fred \ Application Data \ Macromedia \ Flash Player \ # security \ flashauthor. cfg)
All Mac OS users:
<Application support ›/Macromedia/flashauthor. cfg
(For example/Library/Application Support/Macromedia/flashauthor. cfg)
Single Mac OS User:
<Application Data ›/Macromedia/Flash Player/# Security/flashauthor. cfg
(For example/Users/Fred/library/preferences/Macromedia/Flash Player/# Security/flashauthor. cfg)
There is currently only one identifiable command in this file:
When you decide whether to display the warning dialog box in Figure 3, this command can cause Flash Player to ignore the SWF version.
Flashauthor. cfg can also contain spaces and comments indicated by # characters. The comments extend until the end of the row.
If you want to develop SWF content that is played as a local file,
LocalSecurityPrompt=AuthorThe command may not meet your needs because it prevents Flash Player from completely simulating the behavior of the end user. You can change the content of flashauthor. cfg
LocalSecurityPrompt=AuthorOther content to disable the behavior specified by the author. For example, you can comment out the line above or change it to something that is easy to understand, such:
Note that Macromedia Flash 8 will install flashauthor. cfg in both locations of all users and a single user. When flashauthor. cfg is displayed at both locations, Flash Player cash copies at a single user location, so make sure to edit a single user file.Local Sandbox behavior for network use
SWF in the local sandbox for network use can perform network sending operations, but cannot perform local read or SWF-HTML operations.
If you use the debug version of Flash Player and connect it to the debugger in flash, when the SWF in the sandbox tries a disabled operation, you will see the diagnostic information on the output panel that describes the failed operation.
The SwF in this sandbox does not display the security warning dialog box, because the generated content does not exist before the local security rule is changed, but still exists in the local sandbox for the network. From the end user's perspective, all operations in this sandbox that are prohibited will fail without any prompt.
The local SWF used by the network can be used to send packets over the network. Some network sending operations are one-way operations, and only send data without returning a reply. However, other network sending operations can receive a reply request. The latter operation is calledNetwork readOperation: the superset of the network sending operation. An example of network read operations isXML. Load ("http://mysite.com/data/schedule.xml "). Allows the local SWF used by the network to try network read operations. However, to comply with the global permission principle of Flash Player, so that the local SWF for network use can load data from a given domain, this domain must provide a policy file *, this file authorizes all domains to read relevant data and declarations
<allow-access-from domain="*" / › . In the preceding example, mysite.com must be in the default location (Http://mysite.com/crossdomain.xml) Or close to the required data (Http://mysite.com/data/crossdomain.xml. In the latter case, in order to notify Flash Player of a non-default location of the policy file, the loaded SWF needs to call the following file: