Flash Player 8 security restriction is a headache for developers, especially for these e-Learning courseware developers, because we need to develop Flash content playback locally or in a CD-Rom. Firstly, if you develop content with a Flash 8 exe projector, it does not have any restriction. However, we usually need to develop content running in browser and interact with JavaScript (e.g. calling AICC APIs), so Flash 8 security restriction must be a big challenge to developers. Although Macromedia has released many documentations: Macromedia Flash Player 8 Security White Paper (pdf), Macromedia Flash Player 8 Security-Related APIs White Paper (pdf) and Devnet article: Security Changes in Flash Player 8.
However, these documentations are too technical oriented, too many pages, too heavy and too hard for human to understand. The most important is no scenario usage example. I was easily falling asleep when reading them. Based on the basic principle I understand, Flash 8 restricted local SWF can either access Local-with-filesystem, Local-with-networking, Local-trusted.
I did the testing and summary here. I use Flash Player 8.0.22 and Flash Player 8.5 (alpha r133 & beta r212) to test. Suppose your main SWF is published in Flash 8 as Flash 8 SWF (local/network), Flash 7 SWF (local/network) and published in Flash MX 2004 as Flash 7 SWF. No Global Security Settings have made, just like a normal end-user machine config.
| load other SWF (same folder or sub-folder) with loadMovie | ||||
| Flash 8 | allow local | OK | allow network | OK |
| Flash 7 Pusblished by Flash 8 | allow local | OK | allow network | OK |
| Flash 7 Published by Flash MX 2004 | OK | |||
| Note: External swf cannot be loaded if their local playback security setting does not match with main SWF (i.e an allow local SWF cannot load an allow network SWF, vice versa).
Note: If SWF is published by Flash MX 2004 (i.e. without local playback security setting), both an allow local/network SWF can load it. |
||||
| getURL to other html page (same folder or sub-folder) locally | ||||
| Flash 8 | allow local | OK | allow network | OK |
| Flash 7 Pusblished by Flash 8 | allow local | OK | allow network | OK |
| Flash 7 Published by Flash MX 2004 | OK | |||
| getURL to internet html page (e.g. google.com) | ||||
| Flash 8 | allow local | Fail silently | allow network | OK |
| Flash 7 Pusblished by Flash 8 | allow local | OK | allow network | OK |
| Flash 7 Published by Flash MX 2004 | OK | |||
| load data from same folder or sub-folder locally with LoadVar(sendAndLoad) /XML | ||||
| Flash 8 | allow local | OK | allow network | Fail |
| Flash 7 Pusblished by Flash 8 | allow local | OK | allow network | Fail |
| Flash 7 Published by Flash MX 2004 | OK | |||
| load data from internet with LoadVar(sendAndLoad) / XML | ||||
| Flash 8 | allow local | Fail with Warning | allow network | OK (with crossdomain.xml Fail (without crossdomain.xml) |
| Flash 7 Pusblished by Flash 8 | allow local | OK | allow network | OK (with crossdomain.xml Fail (without crossdomain.xml) |
| Flash 7 Published by Flash MX 2004 | OK | |||
| Calling JavaScript with getURL | ||||
| Flash 8 | allow local | Fail | allow network | Fail |
| Flash 7 Pusblished by Flash 8 | allow local | OK | allow network | OK |
| Flash 7 Published by Flash MX 2004 | OK | |||
| Calling JavaScript with ExternalInterface | ||||
| Flash 8 | allow local | Fail | allow network | Fail |
Conclusion From the table, you will see it is a sadly result that e-Learning developers cannot benefit with the new Flash 8 features if we publish the content in Flash 8 SWF, because we are highly relied on calling JavaScript and Internet data exchange. Unless we do the manually configuration on end-users’ machine, set up a local-trusted sandbox for our Flash content. What about CD-Rom distributed content? Need to do an installation first?
You could use a 3rd party application. If you’re distributing on CD then the most important requirement is that it works.
A program like Northcode’s SWF Studio doesn’t suffer from local security issues and provides a lot of other features.
Just an option.
Im happy to read this message, i’ve been looking everywhere information about flash content running from a CD…
When i read this i understand that actually if i publish all my content in Flash MX as flash 7 it wil actually work and wont send any system security message (click on the link)?
http://www.ram-reclame.nl/nieuwsbrief/Afbeelding1.jpg
i found on another site that exporting as a projector will avoid any of the security issues in F8. This does not help if you are developing flash content for use on CD in an HTML environment
http://board.flashkit.com/board/archive/index.php/t-652586.html
hth
mm66
http://www.whenpenguinsattack.com/2006/07/13/flash-8-and-security/
Hi!
I want to extend my SQL experience.
I red really many SQL books and want to
get more about SQL for my position as db2 database manager.
What would you recommend?
Thanks,
Werutz