21 July 2008
Security is a key concern of Adobe. For this reason, Adobe Flash Player 9 includes a set of security rules and controls to safeguard users, website administrators, and content developers. This white paper provides an overview of the Flash Player security model. Specifically, the information in this paper applies to the security model implemented in the Flash Player 9 April 2008 Security Update (version 9,0,124,0).
Note: For information specific to the security model implemented in Flash Player 10,0,12, refer instead to the Adobe Flash Player 10 security white paper.
This white paper focuses on the security-relevant features of the Flash Player client runtime, including those introduced in earlier versions of the product. While not attempting to distinguish between versions, some references are included where changes in the security model or potential operation of applications designed and implemented in earlier versions of Flash Player may significantly differ from the target Flash Player environment described in the document.
Unless otherwise noted, this document assumes that the target platform for your development is Flash Player 9,0,124,0 running content that uses ActionScript 3.0. There are no distinctions in the runtime security model between applications created using different development tools, such as Adobe AIR, Adobe Flex Builder, the Adobe Flex SDK, or Adobe Flash.
In the section on URL policy files, this sentence was corrected:
This white paper is intended for the following audiences:
This document assumes that you are familiar with Flash and ActionScript, as well as with their related terms, authoring tools, and environments.
For more information about the Flash Player security, read Understanding Flash Player 9 April 2008 Security Update compatibility and Setting up a socket policy file server.