Accessibility

What is Flash Player security for local content?

Table of Contents

  1. What is local content?
  2. What are the potential risks associated with local content?
  3. How does Flash Player security for local content work?
  4. How does local content become trusted?
  5. Conclusion
  6. Other resources

In Adobe® Flash® Player 9 software and later, certain types of local content are restricted from accessing data on your computer and sending it to the Internet without your knowledge or consent. This article describes what local content is and how Flash Player security for local content works.

What is local content?

Local content is any rich media content (such as files with a ".swf" or ".html" extension) that runs on your computer or local network, versus on a web server on the Internet. For example, rich media content played from your favorite website is not local content. A program that you run when you're not connected to the Internet is local content.

You can obtain local content in a number of ways:

  • By saving rich media content from the web
  • By saving rich media content from your email or running it from your email program
  • By running content on a CD or DVD
  • By testing content you've created locally, if you create rich media content

What are the potential risks associated with local content?

Most local content that you run on your computer will be from sources that you implicitly or explicitly trust, such as a program on a CD that you choose to install on your computer. However, you might also view rich media content from other sources that runs locally in your web browser, without explicitly trusting this content. Flash Player, by default, blocks any content that attempts to perform an action that Flash Player deems could be a security problem.

With Flash Player security, you are notified by a dialog box if local content that is not "trusted" attempts to communicate with the Internet. If you are prompted with the security warning dialog box, use care when deciding whether to allow that content to communicate with the Internet.

How Does Flash Player security for local content work?

Flash Player security helps ensure that content played back in Flash Player can't access information on your computer without your knowledge or permission. When Flash Player runs, it performs two main checks before playing the content. If the content doesn't pass these checks, the content is stopped and cannot perform any further action. Flash Player notifies you that there is a potential security risk and prompts you to take action in order to run the content. Because of the potential risks to your privacy, this security feature cannot be disabled.

During the first check, Flash Player determines whether the content is running locally or on the Internet. If the content is on a website, there is no risk because it is running within a framework that prevents access to your information or local data. If the content is on your local computer or network, Flash Player proceeds to the second check.

During the second check, Flash Player determines if this content is trusted for local playback by checking a list of trusted content stored on your computer. Trusted content is allowed to proceed; content that is not trusted presents a potential risk and is stopped. At this point, Flash Player displays the Local Security warning dialog box:

Adobe Flash Player Security alert box

The Local Security warning dialog box appears if there is a potential security risk with local content that is running.

The warning dialog box contains a few key pieces of information:

  • The location of the local content or application that is trying to communicate with the Internet
  • Either the web address (URL) or another application that has access to the Internet with which the content is attempting to communicate

If you do not recognize or do not trust the content, you can click OK to close the dialog box. Depending on how the content is designed, it may continue to run or it may appear to be broken — in either case, the content will not be able to perform actions that Flash Player considers a security risk.

If you want to play content that you know is safe and want to prevent the dialog box from appearing in the future, you can click Settings to add the content to the list of trusted content and applications that is stored on your computer. You will then need to restart the content so that it can use the new security settings. You do not need to restart your computer for the settings to take effect.

How does local content become trusted?

Local content can be designated as trusted so that it is not interrupted by this dialog box and is allowed to function as designed. This trust must be explicitly designated in one of two ways.

  • By running a software installation program in which the content in the application you install is already registered as trusted. When you run an installation program, you are explicitly allowing a program to be installed on your computer. Thus, the publisher of the application can automatically register the content with Flash Player as trusted.
  • By adding specific content or directories to a list of trusted files, through the Global Security Settings panel in the Flash Player Settings Manager. In this panel, you can designate specific content or even directories as trusted by manually registering locations with Flash Player. For step-by-step instructions on how to designate content as trusted, see the TechNote: How do I let local Flash content communicate with the Internet?

Conclusion

Security for local content is an important part of Flash Player and your web browsing experience. Many popular browsers have been updated to include similar security restrictions for local content, including Microsoft Internet Explorer with "Local Machine Zone Lockdown" in Service Pack 2.

Adobe recommends upgrading your Flash Player version to Flash Player 10 to take advantage of the most recent privacy and security protections that are available. 

Other Resources

Adobe takes consumers' privacy seriously and is committed to protecting the security of individuals' personal information on the web. We are dedicated to helping you maintain a more secure browsing experience by providing and continuously improving Flash Player privacy controls.