Publishing secure flash documents flash player, Publishing secure flash documents, Flash player – Adobe Flash Professional CC 2014 v.13.0 User Manual
Page 517
Exact domain matching
HTTPS/HTTP restriction
Publishing secure Flash documents
Flash Player 8 and later contain the following features that help you ensure the security of your Flash Pro documents:
Buffer overrun protection
Enabled automatically, this feature prevents the intentional misuse of external files in a Flash Pro document to overwrite a user’s memory or insert
destructive code such as a virus. This prevents a document from reading or writing data outside the document’s designated memory space on a
user’s system.
Exact domain matching for sharing data between Flash documents
Flash Player 7 and later enforce a stricter security model than earlier versions. The security model changed in two primary ways between Flash
Player 6 and Flash Player 7:
Flash Player 6 lets SWF files from similar domains (for example, www.adobe.com and store.adobe.com)
communicate freely with each other and with other documents. In Flash Player 7, the domain of the data to be accessed must match the data
provider’s domain exactly for the domains to communicate.
A SWF file that loads by using nonsecure (non-HTTPS) protocols cannot access content loaded by using a secure
(HTTPS) protocol, even when both protocols are in exactly the same domain.
For more information about ensuring that content performs as expected with the new security model, see Understanding security in
Local and network playback security
Flash Player 8 and later include a security model that lets you determine the local and network playback security for SWF files that you publish.
By default, SWF files are granted read access to local files and networks. However, a SWF file with local access cannot communicate with the
network, and the SWF file cannot send files or information to any networks.
Allow SWF files to access network resources, letting the SWF file send and receive data. If you grant the SWF file access to network resources,
local access is disabled, protecting information on the local computer from potentially being uploaded to the network.
To select the local or network playback security model for your published SWF files, use the Publish Settings dialog box.
Flash Player
Flash Player plays Flash Pro content in the same way as it appears in a web browser or an ActiveX host application. Flash Pro Player is installed
with the Flash Pro application. When you double-click Flash Pro content, the operating system starts Flash Player, which then plays the SWF file.
Use the player to make Flash Pro content viewable for users who aren’t using a web browser or an ActiveX host application.
To control Flash Pro content in Flash Player, use menu commands and the fscommand() function. For more information, see Sending messages
.
Use the Flash Player context menu to print Flash Pro content frames.
Do one of the following:
To open a new or existing file, select File > New, or Open.
To change your view of the application, select View > Magnification and make a selection.
To control Flash Pro content playback, select Control > Play, Rewind, or Loop Playback.
510