Sunday, March 12, 2006

Flash 8 and Security

By Justin Silverton

I recently came across the following message when I tried to run a flash program on a client's machine:

The security dialog comes up because when you fire getURL() with Local Playback Security set to
"Access Local Files only" it sees the getURL call as a request for network resource (and pops up the
security dialog).

If you then set Local Playback Security set to "Access Network".... Normally that would allow the
call access to the network. But the requested communication is actually between a local SWF and a
local HTML file, so it sees that as a local file accessing a local file, which is outside of what's
allowed when LPS is set to "Access Network". Which results in a Flash Player 8 Security Sandbox dialog .

For Developers, there are three ways to solve the above issue:

1. The end user has to use the Settings Manager to set local file security to "Always Allow" AND
they have to add the path to the file as a trusted path.
The direct path to this section of the online Settings Manager is
The default is 'always ask'. Change that to 'Always Allow'.
Then add the path to your local content to the trusted locations. For example, if your content
is on a CD-ROM then you'd add the path to the CD (for example, "F:/").

Doing these two things is essentially enabling a local Trust File. Settings manager then
writes the trust file settings for you, to the #SharedObjects (which is obfuscated so nobody can
crack it)
So that's how you can do it if your users are internet-connected and you feel they're savvy
enough to handle the steps.

What if your users are not internet connected? In that case you have to manually add the trust file
to one of two locations:

2. You can create a trust file in C:\Documents and Settings\\Application
Data\Macromedia\Flash Player\#Security\FlashPlayerTrust.
The name of the file can be whatever you want.
The only minimum thing in the file is one line of text that's the path you want to trust.
Additional paths can be one per line.
Do this if you just want to set up trust for one unique user account on that machine.

3. You can create a trust file in C:\WINDOWS\system32\Macromed\Flash\FlashPlayerTrust.
This is the same trust file as step #2, but sets it for all the users on this machine.
The catch here is that you have to be an admin on the machine to create this trust file.

Options #2 and #3 are obviously also available to end users who do have internet connections but
whom you might not want to direct to the Flash Player Settings Manager.


  • And what do you do if you are developing CDs for use in classrooms on computers with multiple users?

    By Anonymous Anonymous, at 2:15 PM  

  • you have the fix automatically load into the users documents and settings folder (an API call in windows can get the current user's documents and settings folder). I have already created a fix for an app and it worked with multiple users. You can also use the fix that adds to the c:\windows\system32 folder, if you can get admin access.

    By Blogger justin silverton, at 2:34 PM  

Post a Comment

Links to this post:

Create a Link

<< Home