| Package | flash.system |
| Class | public final class Security |
| Inheritance | Security  Object |
| Language Version : | ActionScript 3.0 |
| Player Version : | Flash Player 9 |
See also
| Property | Defined By | ||
|---|---|---|---|
 | constructor : Object
A reference to the class object or constructor function for a given object instance. | Object | |
| exactSettings : Boolean [static]
Determines how Flash Player or AIR chooses the domain to use for certain
content settings, including settings for camera and microphone
permissions, storage quotas, and storage of persistent shared objects. | Security | ||
| prototype : Object [static]
A reference to the prototype object of a class or function object. | Object | |
| sandboxType : String [static] [read-only]
Indicates the type of security sandbox in which the calling file is operating. | Security | ||
| Method | Defined By | ||
|---|---|---|---|
[static]
Lets SWF files files in the identified domains access objects and variables
in the SWF file that contains the allowDomain() call. | Security | ||
[static]
Lets SWF files and HTML files in the identified domains access objects
and variables in the calling SWF file, which is hosted by means of the HTTPS protocol. | Security | ||
|
Indicates whether an object has a specified property defined. | Object | |
|
Indicates whether an instance of the Object class is in the prototype chain of the object specified
as the parameter. | Object | |
[static]
Loads a cross-domain policy file from a location specified by the url
parameter. | Security | ||
|
Indicates whether the specified property exists and is enumerable. | Object | |
|
Sets the availability of a dynamic property for loop operations. | Object | |
[static]
Displays the Security Settings panel in Flash Player. | Security | ||
|
Returns the string representation of the specified object. | Object | |
|
Returns the primitive value of the specified object. | Object | |
| Constant | Defined By | ||
|---|---|---|---|
| LOCAL_TRUSTED : String = "localTrusted" [static]
The file is a local file and has been trusted by the user,
using either the Flash Player Settings Manager or a FlashPlayerTrust configuration
file. | Security | ||
| LOCAL_WITH_FILE : String = "localWithFile" [static]
The file is a local file, has not been trusted by the user,
and was not published with a networking designation. | Security | ||
| LOCAL_WITH_NETWORK : String = "localWithNetwork" [static]
The file is a local file, has not been trusted by the user, and
was published with a networking designation. | Security | ||
| REMOTE : String = "remote" [static]
The file is from an Internet URL and operates under domain-based sandbox rules. | Security | ||
| exactSettings | property |
Hide Inherited Public Properties
Show Inherited Public PropertiesexactSettings:Boolean [read-write] | Language Version : | ActionScript 3.0 |
| Player Version : | Flash Player 9 |
Determines how Flash Player or AIR chooses the domain to use for certain
content settings, including settings for camera and microphone
permissions, storage quotas, and storage of persistent shared objects.
You may set exactSettings to false in order
to have the SWF file use the same settings that were used in Flash Player 6.
public static function get exactSettings():Boolean public function set exactSettings(value:Boolean):voidSecurityError — A Flash Player or AIR application already used the value of exactSettings
at least once in a decision about player settings.
|
See also
| sandboxType | property |
sandboxType:String [read-only] | Language Version : | ActionScript 3.0 |
| Player Version : | Flash Player 9 |
Indicates the type of security sandbox in which the calling file is operating.
Security.sandboxType has one of the following values:
remote (Security.REMOTE)—This file is from an Internet URL and operates under domain-based sandbox
rules.localWithFile (Security.LOCAL_WITH_FILE)—This file is a local file, has not been trusted by the user, and
it is not a SWF file that was published with a networking designation. The file may read from local data sources but may
not communicate with the Internet.localWithNetwork (Security.LOCAL_WITH_NETWORK)—This SWF file is a local file, has not been trusted by the user, and
was published with a networking designation. The SWF file can communicate with the Internet but cannot
read from local data sources.localTrusted (Security.LOCAL_TRUSTED)—This file is a local file and has been trusted by
the user, using either the Flash Player Settings Manager or a FlashPlayerTrust configuration file. The file can read from local data
sources and communicate with the Internet.application (Security.APPLICATION)—This file is
running in an AIR application, and it was installed with the package (AIR file) for that
application. By default, files in the AIR application sandbox can cross-script any file from any domain
(although files outside of the AIR application sandbox may not be permitted to cross-script the AIR file).
By default, files in the AIR application sandbox can load content and data from any domain. For more information related to security, see the following:
public static function get sandboxType():StringSee also
| allowDomain | () | method |
public static function allowDomain(... domains):void| Language Version : | ActionScript 3.0 |
| Player Version : | Flash Player 9 |
Parameters
... domains — One or more strings or URLRequest objects that name the domains from which
you want to allow access. You can specify the special domain "*" to
allow access from all domains.
Specifying "*" is the only way to allow access to nonlocal SWF files from local SWF files that have been published using Access Network Only for the Local Playback Security option in the Flash authoring tool. |
SecurityError — Calling this method from code in the AIR application security sandbox
causes a SecurityError exception to be thrown. Content outside of the application security sandbox cannot cross-script
content in the application security sandbox.
|
See also
| allowInsecureDomain | () | method |
public static function allowInsecureDomain(... domains):void| Language Version : | ActionScript 3.0 |
| Player Version : | Flash Player 9 |
Parameters
... domains — One or more strings or URLRequest objects that name the domains from which
you want to allow access. You can specify the special domain "*" to
allow access from all domains.
Specifying "*" is the only way to allow access to nonlocal SWF files from local SWF files that have been published using the Access Network Only option for the Local Playback Security setting (File > Publish Settings > Flash tab) in the Flash authoring tool. |
SecurityError — Calling this method from code in the AIR application security sandbox causes a
SecurityError exception to be thrown. Content outside of the application security sandbox cannot cross-script
content in the application security sandbox.
|
See also
| loadPolicyFile | () | method |
public static function loadPolicyFile(url:String):void| Language Version : | ActionScript 3.0 |
| Player Version : | Flash Player 9 |
Loads a cross-domain policy file from a location specified by the url
parameter. Adobe AIR and Flash Player use policy files to determine
whether to permit applications to load data from servers other than their own.
By default, Flash Player or AIR looks for policy files in specific locations on the
server to which a data-loading request is being made. With Security.loadPolicyFile(),
Flash Player or AIR can
load policy files from arbitrary locations, as shown in the following example:
This causes Flash Player or AIR to retrieve a policy file from the specified URL. Any permissions granted by the policy file at that location will apply to all content at the same level or lower in the virtual directory hierarchy of the server.
You can use loadPolicyFile() to load any number of policy files. When considering a
request that requires a policy file, Flash Player or AIR always waits for the completion of any policy
file downloads before denying a request. As a final fallback, if no policy file specified with
loadPolicyFile() authorizes a request, Flash Player or AIR consults the original default
locations.
Using the xmlsocket protocol along with a specific port number lets you retrieve
policy files directly from an XMLSocket server, as shown in the following example:
For more information related to security, see the following:
Parameters
url:String — The URL location of the cross-domain policy file to be loaded.
|
See also
| showSettings | () | method |
public static function showSettings(panel:String = "default"):void| Language Version : | ActionScript 3.0 |
| Player Version : | Flash Player 9 |
Displays the Security Settings panel in Flash Player. This method does not apply to content in Adobe AIR; calling it in an AIR application has no effect.
Parameters
panel:String (default = "default")SecurityPanel.DEFAULT is used.
|
See also
| LOCAL_TRUSTED | Constant |
public static const LOCAL_TRUSTED:String = "localTrusted"| Language Version : | ActionScript 3.0 |
| Player Version : | Flash Player 9 |
The file is a local file and has been trusted by the user, using either the Flash Player Settings Manager or a FlashPlayerTrust configuration file. The file can read from local data sources and communicate with the Internet.
See also
| LOCAL_WITH_FILE | Constant |
public static const LOCAL_WITH_FILE:String = "localWithFile"| Language Version : | ActionScript 3.0 |
| Player Version : | Flash Player 9 |
The file is a local file, has not been trusted by the user, and was not published with a networking designation. The file may read from local data sources but may not communicate with the Internet.
See also
| LOCAL_WITH_NETWORK | Constant |
public static const LOCAL_WITH_NETWORK:String = "localWithNetwork"| Language Version : | ActionScript 3.0 |
| Player Version : | Flash Player 9 |
The file is a local file, has not been trusted by the user, and was published with a networking designation. The file can communicate with the Internet but cannot read from local data sources.
See also
| REMOTE | Constant |
public static const REMOTE:String = "remote"| Language Version : | ActionScript 3.0 |
| Player Version : | Flash Player 9 |
The file is from an Internet URL and operates under domain-based sandbox rules.
See also
click event on a Sprite object can be
used to show the Local Storage Settings panel of the Flash Player Settings. An orange box is added to the
stage using draw(). In draw(), a click event listener is
added named clickHandler(), which responds to click events by directing
Flash Player to open its Local Storage Settings panel.
package {
import flash.display.Sprite;
import flash.text.TextField;
import flash.events.*;
import flash.system.Security;
import flash.system.SecurityPanel;
public class SecurityExample extends Sprite {
private var bgColor:uint = 0xFFCC00;
private var size:uint = 100;
public function SecurityExample() {
draw();
}
private function draw():void {
var child:Sprite = new Sprite();
child.graphics.beginFill(bgColor);
child.graphics.drawRect(0, 0, size, size);
child.graphics.endFill();
child.buttonMode = true;
var label:TextField = new TextField();
label.text = "settings";
label.selectable = false;
label.mouseEnabled = false;
child.addChild(label);
child.addEventListener(MouseEvent.CLICK, clickHandler);
addChild(child);
}
private function clickHandler(event:MouseEvent):void {
Security.showSettings(SecurityPanel.LOCAL_STORAGE);
}
}
}