| Package | flash.system |
| Class | public final class Security |
| Inheritance | Security  Object |
| Language Version: | ActionScript 3.0 |
| Runtime Versions: | 1.0, 9 |
See also
| Property | Defined By | ||
|---|---|---|---|
 | constructor : Object A reference to the class object or constructor function for a given object instance. | Object | |
| exactSettings : Boolean [static] Determines how Flash Player or AIR chooses the domain to use for certain
content settings, including settings for camera and microphone
permissions, storage quotas, and storage of persistent shared objects. | Security | ||
| prototype : Object [static] A reference to the prototype object of a class or function object. | Object | |
| sandboxType : String [static] [read-only] Indicates the type of security sandbox in which the calling file is operating. | Security | ||
| Method | Defined By | ||
|---|---|---|---|
[static] Lets SWF files in the identified domains access objects and variables
in the SWF file that contains the allowDomain() call. | Security | ||
[static] Lets SWF files and HTML files in the identified domains access objects
and variables in the calling SWF file, which is hosted by means of the HTTPS protocol. | Security | ||
| Indicates whether an object has a specified property defined. | Object | |
| Indicates whether an instance of the Object class is in the prototype chain of the object specified
as the parameter. | Object | |
[static] Looks for a policy file at the location specified by the url
parameter. | Security | ||
| Indicates whether the specified property exists and is enumerable. | Object | |
| Sets the availability of a dynamic property for loop operations. | Object | |
[static] Displays the Security Settings panel in Flash Player. | Security | ||
| Returns the string representation of the specified object. | Object | |
| Returns the primitive value of the specified object. | Object | |
| Constant | Defined By | ||
|---|---|---|---|
| LOCAL_TRUSTED : String = "localTrusted" [static] The file is a local file and has been trusted by the user,
using either the Flash Player Settings Manager or a FlashPlayerTrust configuration
file. | Security | ||
| LOCAL_WITH_FILE : String = "localWithFile" [static] The file is a local file, has not been trusted by the user,
and was not published with a networking designation. | Security | ||
| LOCAL_WITH_NETWORK : String = "localWithNetwork" [static] The file is a local file, has not been trusted by the user, and
was published with a networking designation. | Security | ||
| REMOTE : String = "remote" [static] The file is from an Internet URL and operates under domain-based sandbox rules. | Security | ||
| exactSettings | property |
Hide Inherited Public Properties
Show Inherited Public PropertiesexactSettings:Boolean [read-write] | Language Version: | ActionScript 3.0 |
| Runtime Versions: | 1.0, 9 |
Determines how Flash Player or AIR chooses the domain to use for certain
content settings, including settings for camera and microphone
permissions, storage quotas, and storage of persistent shared objects.
To have the SWF file use the same settings that were used in Flash Player 6,
set
exactSettings
to
false
.
public static function get exactSettings():Boolean public function set exactSettings(value:Boolean):voidSecurityError —
A Flash Player or AIR application already used the value of
exactSettings
at least once in a decision about player settings.
|
See also
| sandboxType | property |
sandboxType:String [read-only] | Language Version: | ActionScript 3.0 |
| Runtime Versions: | 1.0, 9 |
Indicates the type of security sandbox in which the calling file is operating.
Security.sandboxType
has one of the following values:
remote
(
Security.REMOTE
)—This file is from an Internet URL and operates under domain-based sandbox
rules.
localWithFile
(
Security.LOCAL_WITH_FILE
)—This file is a local file, has not been trusted by the user, and
it is not a SWF file that was published with a networking designation. The file may read from local data sources but may
not communicate with the Internet.
localWithNetwork
(
Security.LOCAL_WITH_NETWORK
)—This SWF file is a local file, has not been trusted by the user, and
was published with a networking designation. The SWF file can communicate with the Internet but cannot
read from local data sources.
localTrusted
(
Security.LOCAL_TRUSTED
)—This file is a local file and has been trusted by
the user, using either the Flash Player Settings Manager or a FlashPlayerTrust configuration file. The file can read from local data
sources and communicate with the Internet.
application
(
Security.APPLICATION
)—This file is
running in an AIR application, and it was installed with the package (AIR file) for that
application. By default, files in the AIR application sandbox can cross-script any file from any domain
(although files outside the AIR application sandbox may not be permitted to cross-script the AIR file).
By default, files in the AIR application sandbox can load content and data from any domain.
For more information related to security, see the following:
public static function get sandboxType():StringSee also
| allowDomain | () | method |
public static function allowDomain(... domains):void| Language Version: | ActionScript 3.0 |
| Runtime Versions: | 1.0, 9 |
Parameters
... domains —
One or more strings or URLRequest objects that name the domains from which
you want to allow access. You can specify the special domain "*" to
allow access from all domains.
Specifying "*" is the only way to allow access to nonlocal SWF files from local SWF files that have been published using Access Network Only for the Local Playback Security option in the Flash authoring tool. |
SecurityError — Calling this method from code in the AIR application security sandbox
throws a SecurityError exception. Content outside of the application security sandbox cannot cross-script
content in the application security sandbox. |
See also
| allowInsecureDomain | () | method |
public static function allowInsecureDomain(... domains):void| Language Version: | ActionScript 3.0 |
| Runtime Versions: | 1.0, 9 |
The following scenario illustrates how
allowInsecureDomain()
can compromise security, if it is not used
with careful consideration.
Parameters
... domains —
One or more strings or URLRequest objects that name the domains from which
you want to allow access. You can specify the special domain "*" to
allow access from all domains.
Specifying "*" is the only way to allow access to nonlocal SWF files from local SWF files that have been published using the Access Network Only option for the Local Playback Security setting (File > Publish Settings > Flash tab) in the Flash authoring tool. |
SecurityError — Calling this method from code in the AIR application security sandbox causes a
SecurityError exception to be thrown. Content outside of the application security sandbox cannot cross-script
content in the application security sandbox. |
See also
| loadPolicyFile | () | method |
public static function loadPolicyFile(url:String):void| Language Version: | ActionScript 3.0 |
| Runtime Versions: | 1.0, 9 |
Looks for a policy file at the location specified by the
url
parameter. Adobe AIR and Flash Player use policy files to determine
whether to permit applications to load data from servers other than their own.
Note that even though the method name is
loadPolicyFile()
,
the file isn't actually loaded until a network request that requires a policy file is made.
By default, Flash Player or AIR looks for policy files in specific locations on the
server to which a data-loading request is being made. With
Security.loadPolicyFile()
,
Flash Player or AIR can
load policy files from arbitrary locations, as shown in the following example:
This causes Flash Player or AIR to attempt to retrieve a policy file from the specified URL. Any permissions granted by the policy file at that location will apply to all content at the same level or lower in the virtual directory hierarchy of the server.
You can use
loadPolicyFile()
to load any number of policy files. When considering a
request that requires a policy file, Flash Player or AIR always waits for the completion of any policy
file downloads before denying a request. As a final fallback, if no policy file specified with
loadPolicyFile()
authorizes a request, Flash Player or AIR consults the original default
locations.
When checking for a master policy file, Flash Player waits three seconds for a server response.
If a response isn't received, Flash Player assumes that no master policy file exists.
However, there is no default timeout value for calls to
loadPolicyFile()
;
Flash Player assumes that the file being called exists, and waits as long as necessary to load it.
Therefore, if you want to make sure that a master policy file is loaded, use
loadPolicyFile()
to call it explicitly.
You cannot load policy files that are served from commonly reserved ports. For a complete list of blocked ports, see "Restricting Networking APIs" in the security chapter of the Programming ActionScript 3.0 book.
Using the
xmlsocket
protocol along with a specific port number lets you retrieve
policy files directly from an XMLSocket server, as shown in the following example. Socket
connections are not subject to the reserved port restriction described above.
This causes Flash Player or AIR to attempt to retrieve a policy file from the specified host and port.
Upon establishing a connection with the
specified port, Flash Player or AIR transmits
<policy-file-request />
, terminated by a
null
byte. The server must send a null byte to terminate a policy file, and may thereafter close the connection;
if the server does not close the connection, Flash Player or AIR does so upon receiving the terminating
null
byte.
For more information related to security, see the following:
Parameters
url:String — The URL location of the policy file to be loaded. |
See also
| showSettings | () | method |
public static function showSettings(panel:String = "default"):void| Language Version: | ActionScript 3.0 |
| Runtime Versions: | 1.0, 9 |
Displays the Security Settings panel in Flash Player. This method does not apply to content in Adobe AIR; calling it in an AIR application has no effect.
Parameters
panel:String (default = "default")SecurityPanel.DEFAULT
is used.
|
See also
| LOCAL_TRUSTED | Constant |
public static const LOCAL_TRUSTED:String = "localTrusted"| Language Version: | ActionScript 3.0 |
| Runtime Versions: | 1.0, 9 |
The file is a local file and has been trusted by the user, using either the Flash Player Settings Manager or a FlashPlayerTrust configuration file. The file can read from local data sources and communicate with the Internet.
See also
| LOCAL_WITH_FILE | Constant |
public static const LOCAL_WITH_FILE:String = "localWithFile"| Language Version: | ActionScript 3.0 |
| Runtime Versions: | 1.0, 9 |
The file is a local file, has not been trusted by the user, and was not published with a networking designation. The file may read from local data sources but may not communicate with the Internet.
See also
| LOCAL_WITH_NETWORK | Constant |
public static const LOCAL_WITH_NETWORK:String = "localWithNetwork"| Language Version: | ActionScript 3.0 |
| Runtime Versions: | 1.0, 9 |
The file is a local file, has not been trusted by the user, and was published with a networking designation. The file can communicate with the Internet but cannot read from local data sources.
See also
| REMOTE | Constant |
public static const REMOTE:String = "remote"| Language Version: | ActionScript 3.0 |
| Runtime Versions: | 1.0, 9 |
The file is from an Internet URL and operates under domain-based sandbox rules.
See also
click
event on a Sprite object can be
used to show the Local Storage Settings panel of the Flash Player Settings. An orange box is added to the
stage using
draw()
. In
draw()
, a
click
event listener is
added named
clickHandler()
, which responds to
click
events by directing
Flash Player to open its Local Storage Settings panel.
package {
import flash.display.Sprite;
import flash.text.TextField;
import flash.events.*;
import flash.system.Security;
import flash.system.SecurityPanel;
public class SecurityExample extends Sprite {
private var bgColor:uint = 0xFFCC00;
private var size:uint = 100;
public function SecurityExample() {
draw();
}
private function draw():void {
var child:Sprite = new Sprite();
child.graphics.beginFill(bgColor);
child.graphics.drawRect(0, 0, size, size);
child.graphics.endFill();
child.buttonMode = true;
var label:TextField = new TextField();
label.text = "settings";
label.selectable = false;
label.mouseEnabled = false;
child.addChild(label);
child.addEventListener(MouseEvent.CLICK, clickHandler);
addChild(child);
}
private function clickHandler(event:MouseEvent):void {
Security.showSettings(SecurityPanel.LOCAL_STORAGE);
}
}
}