3 Replies Latest reply on Sep 15, 2006 7:51 AM by abeall

    Flash security model; completely confused

    abeall Level 3
      Really, does anybody understand it? Every article I read that allows comments, litterelly each comment is one person saying how the the previous person(s) are wrong in there interpretation of the security model.

      Flash 8 has been out for awhile now, and I've fully read dozens of articles and every page in the user reference under AS2.0 > Learning AS2.0 > Understanding security, and I am still utterly confused. Granted, I'm a bit slow with abstract comprehension, but I'm getting nowehere. I'm trying to send POST data to a remote server. Not trying to receive anything, just sending POST. Can't seem to get it to work on a server. What do I need to do?

      What I really need is a detailed and concise XYZ list: if you want to do X, you have to do ABCD, if you want to do Y, you have to do AD, if you want to to Z, you have to do CBA, ect. In that way I could at least figure out what it is I have to do, research how to do that, and get somewhere. Instead I'm confronted with numerous ways of handling security(allowScriptAccess, System.security.allowDomain, ExternalInterface, superdomain matching rules, creating serverside permission files, creating local registration files, different behavior in different SWF versions AND different behavior in different SWF Players! And much, much more!) And can't figure out what I need to do.

      (Sorry, got a bit ranty there... not blaming MM, it's not their fault they had to incorperate security measure)

      All I know is my SWF is not working. I want to be able to send some POST data to a remote server, compatable with Flash Player 6,7,and 8; I do not need to load any data. What must I do to allow this?

      Thanks for any guidence, it is much needed!
        • 1. Re: Flash security model; completely confused
          He or I should have to post to a wish list to get proper documentation on a security model that's hosed our apps.
          • 2. Re: Flash security model; completely confused
            kglad Adobe Community Professional & MVP
            your sending swf needs to allow the receiving swf to access data in the sending swf. so, your sending swf needs an allowDomain("receivingSWFdomain") statement.

            if your sending swf allows needs something from your receiving swf you'll also need an allowDomain("sendingSWFdomain") statement in your receving swf.
            • 3. Re: Flash security model; completely confused
              abeall Level 3
              In my case, there was no receiving SWF, only a sending SWF to a serverside page(.php or .asp or something, I don't remember).

              I don't even remember what I did to get it to work(my OP was 5 months ago... clearly someone has been searching for answers on Flash security, and, like me 5 months ago, have mostly found unsolved/unhelpful questions :-) )... I think I created a crossdomain.xml file. In the end, everything was deployed on the same domain, I believe the same subdomain as well.

              That is still a helpful tip, though... I'll try my best to remember allowDomain() if I ever need cross-domain SWF-to-SWF interaction.