This content has been marked as final. Show 6 replies
You need to place your application into the local-trusted sandbox. This is a list of the directories where SWFs are located that can be trusted to use both the network and the local system.
Check the Flex 2 documentation about the local-trusted sandbox and this Flash Player security article: http://www.adobe.com/devnet/flashplayer/articles/flash_player_8_security.pdf
Ok. In the document you indicate I read:
"Depending on whether Flash Player will be embedded in a nonbrowser application, one of two strategies may be appropriate: register SWF files and HTML files to be trusted, or register applications to be trusted."
If I understand well, in my case I must deploy the executable setup files in the
directory, or place the HTML and SWF file in that directory.
None of them is an option for me, because the user DOES NOT WANT to install anything on its PC, he just want to browse for the applications that reside on the CDROM.
The fact is: I do not want to place my application in the local-trusted sandbox, if this means that I have to "install" the application.
Am I missing something? Is there a way to tell the application that
1) The files on CDROM are "trusted" -- or ---
2) The Web Sites my application links to, are "trusted"...?
You don't need to put the SWF into the trusted directory, you just have to have the directory where the SWF will be launched from in the local-trusted list. Which means the end-user has to take some action. It could be by running a small set-up program from the CD which puts the CD's directory (eg, D:\) into the local-trusted list.
Our security system is set up to prevent people from deploying SWFs which could be harmful. Any action to be done on the end-user's computer (accessing camera, microphone, files) MUST be acknowledged by the end-user. Having the end-user register your app as local-trusted is part of that security. We do not want anything to be automatic by design.
Hey Alessio: How did you fix this ? I am running into something similar but don't know how to resolve it?
I simply was not able to fix that. I am rather convinced that the security options of FLEX are way to strong and they actually prevent you to develop an application the way you want.
Anyway, I chose the option
so the user can install an application from the CDROM, but he will not be able to navigate outside by clicking on a URL. (The "trust" options of the above answers do not apply, since I must release my application to unknown customers...)
Still I do not understand why opening a browser URL is considered SO DANGEROUS by the Flex engine...
It is not the Flex engine. It is both the Flash Player and the browser together.
It is required because html pages pass through firewalls and html pages host swfs. Having a malicious swf behind a firewall that can communicate with its masters is hideously dangerous.
Gooogle this, you will find all the discussion you could ever want.
Note, you can run your Flex app in AIR without such extreme security restrictions.