| window.runtime property | window.runtime.flash.system.Security |
| Inheritance | Security  Object |
| Runtime Versions: | AIR 1.0, |
Hide Inherited Public Properties
Show Inherited Properties| Property | Defined By | ||
|---|---|---|---|
 | constructor : Object
A reference to the class object or constructor function for a given object instance. | Object | |
| exactSettings : Boolean [static]
Determines how Flash Player or AIR chooses the domain to use for certain
content settings, including settings for camera and microphone
permissions, storage quotas, and storage of persistent shared objects. | Security | ||
| pageDomain : String [static] [read-only]
Get the page domain containing the swf. | Security | ||
| prototype : Object [static]
A reference to the prototype object of a class or function object. | Object | |
| sandboxType : String [static] [read-only]
Indicates the type of security sandbox in which the calling file is operating. | Security | ||
| Method | Defined By | ||
|---|---|---|---|
allowDomain(... domains):void [static]
Lets SWF files in the identified domains access objects and variables
in the SWF file that contains the allowDomain() call. | Security | ||
allowInsecureDomain(... domains):void [static]
Lets SWF files and HTML files in the identified domains access objects
and variables in the calling SWF file, which is hosted by means of the HTTPS protocol. | Security | ||
| hasOwnProperty(name:String):Boolean
Indicates whether an object has a specified property defined. | Object | |
| isPrototypeOf(theClass:Object):Boolean
Indicates whether an instance of the Object class is in the prototype chain of the object specified
as the parameter. | Object | |
loadPolicyFile(url:String):void [static]
Looks for a policy file at the location specified by the url
parameter. | Security | ||
| propertyIsEnumerable(name:String):Boolean
Indicates whether the specified property exists and is enumerable. | Object | |
| setPropertyIsEnumerable(name:String, isEnum:Boolean = true):void
Sets the availability of a dynamic property for loop operations. | Object | |
showSettings(panel:String = "default"):void [static]
Displays the Security Settings panel in Flash Player. | Security | ||
| toLocaleString():String
Returns the string representation of this object, formatted according to locale-specific conventions. | Object | |
| toString():String
Returns the string representation of the specified object. | Object | |
| valueOf():Object
Returns the primitive value of the specified object. | Object | |
| Constant | Defined By | ||
|---|---|---|---|
| APPLICATION : String = "application" [static]
The file is running in an AIR application, and it was installed with the package (the AIR file) for that
application. | Security | ||
| LOCAL_TRUSTED : String = "localTrusted" [static]
The file is a local file and has been trusted by the user,
using either the Flash Player Settings Manager or a FlashPlayerTrust configuration
file. | Security | ||
| LOCAL_WITH_FILE : String = "localWithFile" [static]
The file is a local file, has not been trusted by the user,
and it is not a SWF file that was published with a networking designation. | Security | ||
| LOCAL_WITH_NETWORK : String = "localWithNetwork" [static]
The file is a local file, has not been trusted by the user, and it is a SWF
file that was published with a networking designation. | Security | ||
| REMOTE : String = "remote" [static]
The file is from an Internet URL and operates under domain-based sandbox rules. | Security | ||
exactSettings | property |
exactSettings:Boolean| Runtime Versions: | AIR 1.0, |
Determines how Flash Player or AIR chooses the domain to use for certain
content settings, including settings for camera and microphone
permissions, storage quotas, and storage of persistent shared objects.
To have the SWF file use the same settings that were used in Flash Player 6,
set exactSettings to false.
This property is to be used in SWF content, not in JavaScript code in AIR applications.
Throws
SecurityError — A Flash Player or AIR application already used the value of exactSettings
at least once in a decision about player settings.
|
pageDomain | property |
pageDomain:String [read-only] | Runtime Versions: | 2.7 |
Get the page domain containing the swf. For security reasons, the method does not return the full URL, only the page domain, such as http://www.example.com.
sandboxType | property |
sandboxType:String [read-only] | Runtime Versions: | AIR 1.0, |
Indicates the type of security sandbox in which the calling file is operating.
Security.sandboxType has one of the following values:
remote(Security.REMOTE)—This file is from an Internet URL and operates under domain-based sandbox rules.localWithFile(Security.LOCAL_WITH_FILE)—This file is a local file, has not been trusted by the user, and it is not a SWF file that was published with a networking designation. The file may read from local data sources but may not communicate with the Internet.localWithNetwork(Security.LOCAL_WITH_NETWORK)—This SWF file is a local file, has not been trusted by the user, and was published with a networking designation. The SWF file can communicate with the Internet but cannot read from local data sources.localTrusted(Security.LOCAL_TRUSTED)—This file is a local file and has been trusted by the user, using either the Flash Player Settings Manager or a FlashPlayerTrust configuration file. The file can read from local data sources and communicate with the Internet.application(Security.APPLICATION)—This file is running in an AIR application, and it was installed with the package (AIR file) for that application. By default, files in the AIR application sandbox can cross-script any file from any domain (although files outside the AIR application sandbox may not be permitted to cross-script the AIR file). By default, files in the AIR application sandbox can load content and data from any domain.
For more information related to security, see the Flash Player Developer Center Topic: Security.
See also
allowDomain | () | method |
public function allowDomain(... domains):void| Runtime Versions: | AIR 1.0, |
This method applies to cross-scripting of ActionScript 3.0 code (in SWF content). It does not apply to JavaScript code running in HTML-based AIR applications.
Parameters
... domains — One or more strings or URLRequest objects that name the domains from which
you want to allow access. You can specify the special domain "*" to
allow access from all domains.
In Flash Professional, specifying "*" is the only way to allow access to nonlocal SWF files from local SWF files that have been published using Access Network Only for the Local Playback Security option in the Flash authoring tool. Note:
The wildcard value does not work for subdomains. For example, you cannot use |
Throws
SecurityError — Calling this method from code in the AIR application security sandbox
throws a SecurityError exception. Content outside of the application security sandbox cannot cross-script
content in the application security sandbox.
|
See also
allowInsecureDomain | () | method |
public function allowInsecureDomain(... domains):void| Runtime Versions: | AIR 1.0, |
This method applies to cross-scripting of ActionScript 3.0 code (in SWF content). It does not apply to JavaScript code running in HTML-based AIR applications.
The following scenario illustrates howallowInsecureDomain() can compromise security, if it is not used
with careful consideration.
Parameters
... domains — One or more strings or URLRequest objects that name the domains from which
you want to allow access. You can specify the special domain "*" to
allow access from all domains.
Specifying "*" is the only way to allow access to nonlocal SWF files from local SWF files that have been published using the Access Network Only option for the Local Playback Security setting (File > Publish Settings > Flash tab) in the Flash authoring tool. Note:
The wildcard value does not work for subdomains. For example, you cannot use |
Throws
SecurityError — Calling this method from code in the AIR application security sandbox causes a
SecurityError exception to be thrown. Content outside of the application security sandbox cannot cross-script
content in the application security sandbox.
|
See also
loadPolicyFile | () | method |
public function loadPolicyFile(url:String):void| Runtime Versions: | AIR 1.0, |
Looks for a policy file at the location specified by the url
parameter. Adobe AIR and Flash Player use policy files to determine
whether to permit applications to load data from servers other than their own.
Note that even though the method name is loadPolicyFile(),
the file isn't actually loaded until a network request that requires a policy file is made.
With Security.loadPolicyFile(), Flash Player or AIR can
load policy files from arbitrary locations, as shown in the following example:
air.Security.loadPolicyFile("http://www.example.com/sub/dir/pf.xml");
This causes Flash Player or AIR to attempt to retrieve a policy file from the specified URL. Any permissions granted by the policy file at that location will apply to all content at the same level or lower in the virtual directory hierarchy of the server.
You can use loadPolicyFile() to load any number of policy files. When considering a
request that requires a policy file, Flash Player or AIR always waits for the completion of any policy
file downloads before denying a request. As a final fallback, if no policy file specified with
loadPolicyFile() authorizes a request, Flash Player or AIR consults the original default
locations.
When checking for a master policy file, Flash Player waits three seconds for a server response.
If a response isn't received, Flash Player assumes that no master policy file exists.
However, there is no default timeout value for calls to loadPolicyFile();
Flash Player assumes that the file being called exists, and waits as long as necessary to load it.
Therefore, if you want to make sure that a master policy file is loaded, use loadPolicyFile()
to call it explicitly.
You cannot connect to commonly reserved ports. For a complete list of blocked ports, see "Restricting Networking APIs" in the ActionScript 3.0 Developer's Guide.
Using the xmlsocket protocol along with a specific port number lets you retrieve
policy files directly from an XMLSocket server, as shown in the following example. Socket
connections are not subject to the reserved port restriction described above.
air.Security.loadPolicyFile("xmlsocket://foo.com:414");
This causes Flash Player or AIR to attempt to retrieve a policy file from the specified host and port.
Upon establishing a connection with the
specified port, Flash Player or AIR transmits <policy-file-request />, terminated by a
null byte. The server must send a null byte to terminate a policy file, and may thereafter close the connection;
if the server does not close the connection, Flash Player or AIR does so upon receiving the terminating
null byte.
For more information related to security, see the Flash Player Developer Center Topic: Security.
Parameters
url:String — The URL location of the policy file to be loaded.
|
See also
showSettings | () | method |
public function showSettings(panel:String = "default"):void| Runtime Versions: | AIR 1.0, |
Displays the Security Settings panel in Flash Player. This method does not apply to content in Adobe AIR; calling it in an AIR application has no effect.
Parameters
panel:String (default = "default")SecurityPanel.DEFAULT is used.
|
APPLICATION | Constant |
public static const APPLICATION:String = "application"| Runtime Versions: | 1.0 |
The file is running in an AIR application, and it was installed with the package (the AIR file) for that application. This content is included in the AIR application resource directory (where the application content is installed).
See also
LOCAL_TRUSTED | Constant |
public static const LOCAL_TRUSTED:String = "localTrusted"| Runtime Versions: | AIR 1.0, |
The file is a local file and has been trusted by the user, using either the Flash Player Settings Manager or a FlashPlayerTrust configuration file. The file can read from local data sources and communicate with the Internet.
See also
LOCAL_WITH_FILE | Constant |
public static const LOCAL_WITH_FILE:String = "localWithFile"| Runtime Versions: | AIR 1.0, |
The file is a local file, has not been trusted by the user, and it is not a SWF file that was published with a networking designation. In Adobe AIR, the local file is not in the application resource directory; such files are put in the application security sandbox. The file may read from local data sources but may not communicate with the Internet.
See also
LOCAL_WITH_NETWORK | Constant |
public static const LOCAL_WITH_NETWORK:String = "localWithNetwork"| Runtime Versions: | AIR 1.0, |
The file is a local file, has not been trusted by the user, and it is a SWF file that was published with a networking designation. The file can communicate with the Internet but cannot read from local data sources.
See also
REMOTE | Constant |
public static const REMOTE:String = "remote"| Runtime Versions: | AIR 1.0, |
The file is from an Internet URL and operates under domain-based sandbox rules.
See also
Thu Sep 29 2011, 02:34 AM -07:00