Flash CS3 Documentation 
Flash CS3 Documentation |
|||
| Learning ActionScript 2.0 in Adobe Flash > Understanding Security > About domains, cross-domain security, and SWF files | |||
|
|||
|
|||
|
|||
By default, Flash Player 7 and later versions prevent a SWF file served from one domain from reading data, objects, or variables from SWF files that are served from different domains. In addition, content that is loaded through nonsecure (non-HTTPS) protocols cannot read content loaded through a secure (HTTPS) protocol, even when both are in exactly the same domain. For example, a SWF file located at http://www.adobe.com/main.swf cannot load data from https://www.adobe.com/data.txt without explicit permission; neither can a SWF file served from one domain load data (using loadVars(), for example) from another domain.
Identical numeric IP addresses are compatible. However, a domain name is not compatible with an IP address, even if the domain name resolves to the same IP address.
The following table shows examples of compatible domains:
|
www.adobe.com |
www.adobe.com |
|
data.adobe.com |
data.adobe.com |
|
65.57.83.12 |
65.57.83.12 |
The following table shows examples of incompatible domains:
|
www.adobe.com |
data.adobe.com |
|
adobe.com |
www.adobe.com |
|
www.adobe.com |
adobe.com |
|
65.57.83.12 |
www.adobe.com (even if this domain resolves to 65.57.83.12) |
|
www.adobe.com |
65.57.83.12 (even if www.adobe.com resolves to this IP address) |
Flash Player 8 and later does not allow local SWF files to communicate with the Internet without a proper configuration. For information on setting up a configuration file to test content locally, see Creating configuration files for Flash development.
For more information on security, see www.adobe.com/devnet/security/ and www.adobe.com/software/flashplayer/security/.
For more information, see the following topics:
Flash CS3