Adobe® AIR® API Reference for HTML Developers
Home  |  Show Classes List |  Index  |  Appendixes

Language Reference only       
Security 
3D:
Context3D
Context3DBlendFactor
Context3DClearMask
Context3DCompareMode
Context3DProgramType
Context3DRenderMode
Context3DStencilAction
Context3DTextureFormat
Context3DTriangleFace
Context3DVertexBufferFormat
CubeTexture
IndexBuffer3D
Program3D
Stage3D
Texture
VertexBuffer3D
Air.net:
ServiceMonitor
SocketMonitor
URLMonitor
Air.update:
ApplicationUpdater
ApplicationUpdaterUI
DownloadErrorEvent
StatusFileUpdateErrorEvent
StatusFileUpdateEvent
StatusUpdateErrorEvent
StatusUpdateEvent
UpdateEvent
Data:
EncryptedLocalStore
SQLCollationType
SQLColumnNameStyle
SQLColumnSchema
SQLConnection
SQLError
SQLErrorEvent
SQLErrorOperation
SQLEvent
SQLIndexSchema
SQLMode
SQLResult
SQLSchema
SQLSchemaResult
SQLStatement
SQLTableSchema
SQLTransactionLockType
SQLTriggerSchema
SQLUpdateEvent
SQLViewSchema
Desktop:
Clipboard
ClipboardFormats
ClipboardTransferMode
DockIcon
Icon
InteractiveIcon
NativeApplication
NativeProcess
NativeProcessStartupInfo
NotificationType
SystemTrayIcon
Display:
BitmapData
NativeMenu
NativeMenuItem
Screen
Stage
StageDisplayState
StageQuality
Events:
ActivityEvent
AsyncErrorEvent
BrowserInvokeEvent
DataEvent
DatagramSocketDataEvent
DNSResolverEvent
DRMAuthenticateEvent
DRMStatusEvent
ErrorEvent
Event
EventDispatcher
FileListEvent
HTTPStatusEvent
InvokeEvent
InvokeEventReason
IOErrorEvent
LocationChangeEvent
MouseEvent
NativeProcessExitEvent
NetDataEvent
NetMonitorEvent
NetStatusEvent
OutputProgressEvent
ProgressEvent
SampleDataEvent
SecurityErrorEvent
ServerSocketConnectEvent
StatusEvent
StorageVolumeChangeEvent
TimerEvent
UncaughtErrorEvent
UncaughtErrorEvents
File:
File
FileMode
FileStream
StorageVolume
StorageVolumeInfo
Functions:
trace()
generateRandomBytes()
navigateToURL()
sendToURL()
Geom:
Matrix
Point
Rectangle
Media:
AudioDecoder
AudioPlaybackMode
H264Level
H264Profile
H264VideoStreamSettings
ID3Info
InputMediaStream
Microphone
MicrophoneEnhancedMode
MicrophoneEnhancedOptions
Sound
SoundChannel
SoundCodec
SoundLoaderContext
SoundMixer
SoundTransform
VideoCodec
VideoStatus
VideoStreamSettings
Native window:
NativeWindow
NativeWindowBoundsEvent
NativeWindowDisplayState
NativeWindowDisplayStateEvent
NativeWindowInitOptions
NativeWindowRenderMode
NativeWindowResize
NativeWindowSystemChrome
NativeWindowType
Net:
AAAARecord
ARecord
CertificateStatus
DatagramSocket
DNSResolver
FileFilter
InterfaceAddress
IPVersion
LocalConnection
MXRecord
NetConnection
NetMonitor
NetStreamAppendBytesAction
NetStreamMulticastInfo
NetworkInfo
NetworkInterface
ObjectEncoding
PTRRecord
ResourceRecord
Responder
SecureSocket
ServerSocket
SharedObject
SharedObjectFlushStatus
Socket
SRVRecord
URLLoader
URLLoaderDataFormat
URLRequest
URLRequestDefaults
URLRequestHeader
URLRequestMethod
URLStream
URLVariables
XMLSocket
Security:
ReferencesValidationSetting
RevocationCheckSettings
SignatureStatus
SignerTrustSettings
X500DistinguishedName
X509Certificate
XMLSignatureValidator
System:
Capabilities
Security
System
Updater
Ui:
Keyboard
KeyboardType
KeyLocation
Mouse
MouseCursorData
Utils:
Vector
ByteArray
Collator
CollatorMode
CompressionAlgorithm
CurrencyFormatter
CurrencyParseResult
DateTimeFormatter
DateTimeNameContext
DateTimeNameStyle
DateTimeStyle
Endian
HTMLLoader
HTMLPDFCapability
LastOperationStatus
LocaleID
NationalDigitsType
NumberFormatter
NumberParseResult
StringTools
Timer
window.runtime propertywindow.runtime.flash.system.Security
InheritanceSecurity Inheritance Object

Runtime Versions: AIR 1.0,

The Security class lets you specify how content in different domains can communicate with each other.



Properties
 PropertyDefined By
 Inheritedconstructor : Object
A reference to the class object or constructor function for a given object instance.
Object
  exactSettings : Boolean
[static] Determines how Flash Player or AIR chooses the domain to use for certain content settings, including settings for camera and microphone permissions, storage quotas, and storage of persistent shared objects.
Security
  pageDomain : String
[static] [read-only] Get the page domain containing the swf.
Security
 Inheritedprototype : Object
[static] A reference to the prototype object of a class or function object.
Object
  sandboxType : String
[static] [read-only] Indicates the type of security sandbox in which the calling file is operating.
Security
Public Methods
 MethodDefined By
  
allowDomain(... domains):void
[static] Lets SWF files in the identified domains access objects and variables in the SWF file that contains the allowDomain() call.
Security
  
allowInsecureDomain(... domains):void
[static] Lets SWF files and HTML files in the identified domains access objects and variables in the calling SWF file, which is hosted by means of the HTTPS protocol.
Security
 Inherited
hasOwnProperty(name:String):Boolean
Indicates whether an object has a specified property defined.
Object
 Inherited
isPrototypeOf(theClass:Object):Boolean
Indicates whether an instance of the Object class is in the prototype chain of the object specified as the parameter.
Object
  
loadPolicyFile(url:String):void
[static] Looks for a policy file at the location specified by the url parameter.
Security
 Inherited
propertyIsEnumerable(name:String):Boolean
Indicates whether the specified property exists and is enumerable.
Object
 Inherited
setPropertyIsEnumerable(name:String, isEnum:Boolean = true):void
Sets the availability of a dynamic property for loop operations.
Object
  
showSettings(panel:String = "default"):void
[static] Displays the Security Settings panel in Flash Player.
Security
 Inherited
toLocaleString():String
Returns the string representation of this object, formatted according to locale-specific conventions.
Object
 Inherited
toString():String
Returns the string representation of the specified object.
Object
 Inherited
valueOf():Object
Returns the primitive value of the specified object.
Object
Constants
 ConstantDefined By
  APPLICATION : String = "application"
[static] The file is running in an AIR application, and it was installed with the package (the AIR file) for that application.
Security
  LOCAL_TRUSTED : String = "localTrusted"
[static] The file is a local file and has been trusted by the user, using either the Flash Player Settings Manager or a FlashPlayerTrust configuration file.
Security
  LOCAL_WITH_FILE : String = "localWithFile"
[static] The file is a local file, has not been trusted by the user, and it is not a SWF file that was published with a networking designation.
Security
  LOCAL_WITH_NETWORK : String = "localWithNetwork"
[static] The file is a local file, has not been trusted by the user, and it is a SWF file that was published with a networking designation.
Security
  REMOTE : String = "remote"
[static] The file is from an Internet URL and operates under domain-based sandbox rules.
Security
Property Detail

exactSettings

property
exactSettings:Boolean

Runtime Versions: AIR 1.0,

Determines how Flash Player or AIR chooses the domain to use for certain content settings, including settings for camera and microphone permissions, storage quotas, and storage of persistent shared objects. To have the SWF file use the same settings that were used in Flash Player 6, set exactSettings to false.

This property is to be used in SWF content, not in JavaScript code in AIR applications.


Throws
SecurityError — A Flash Player or AIR application already used the value of exactSettings at least once in a decision about player settings.

pageDomain

property 
pageDomain:String  [read-only]

Runtime Versions:  2.7

Get the page domain containing the swf. For security reasons, the method does not return the full URL, only the page domain, such as http://www.example.com.

sandboxType

property 
sandboxType:String  [read-only]

Runtime Versions: AIR 1.0,

Indicates the type of security sandbox in which the calling file is operating.

Security.sandboxType has one of the following values:

  • remote (Security.REMOTE)—This file is from an Internet URL and operates under domain-based sandbox rules.
  • localWithFile (Security.LOCAL_WITH_FILE)—This file is a local file, has not been trusted by the user, and it is not a SWF file that was published with a networking designation. The file may read from local data sources but may not communicate with the Internet.
  • localWithNetwork (Security.LOCAL_WITH_NETWORK)—This SWF file is a local file, has not been trusted by the user, and was published with a networking designation. The SWF file can communicate with the Internet but cannot read from local data sources.
  • localTrusted (Security.LOCAL_TRUSTED)—This file is a local file and has been trusted by the user, using either the Flash Player Settings Manager or a FlashPlayerTrust configuration file. The file can read from local data sources and communicate with the Internet.
  • application (Security.APPLICATION)—This file is running in an AIR application, and it was installed with the package (AIR file) for that application. By default, files in the AIR application sandbox can cross-script any file from any domain (although files outside the AIR application sandbox may not be permitted to cross-script the AIR file). By default, files in the AIR application sandbox can load content and data from any domain.

For more information related to security, see the Flash Player Developer Center Topic: Security.

See also

Method Detail

allowDomain

()method
public function allowDomain(... domains):void

Runtime Versions: AIR 1.0,

This method applies to cross-scripting of ActionScript 3.0 code (in SWF content). It does not apply to JavaScript code running in HTML-based AIR applications.

Parameters

... domains — One or more strings or URLRequest objects that name the domains from which you want to allow access. You can specify the special domain "*" to allow access from all domains.

In Flash Professional, specifying "*" is the only way to allow access to nonlocal SWF files from local SWF files that have been published using Access Network Only for the Local Playback Security option in the Flash authoring tool.

Note: The wildcard value does not work for subdomains. For example, you cannot use *.foo.com for the domains parameter. While you can specify a subdomain with a wild card value for a cross domain policy file (as in *.foo.com), you can't use a wildcard value that way for the allowDomain() method.


Throws
SecurityError — Calling this method from code in the AIR application security sandbox throws a SecurityError exception. Content outside of the application security sandbox cannot cross-script content in the application security sandbox.

See also

allowInsecureDomain

()method 
public function allowInsecureDomain(... domains):void

Runtime Versions: AIR 1.0,

This method applies to cross-scripting of ActionScript 3.0 code (in SWF content). It does not apply to JavaScript code running in HTML-based AIR applications.

The following scenario illustrates how allowInsecureDomain() can compromise security, if it is not used with careful consideration.

Parameters

... domains — One or more strings or URLRequest objects that name the domains from which you want to allow access. You can specify the special domain "*" to allow access from all domains.

Specifying "*" is the only way to allow access to nonlocal SWF files from local SWF files that have been published using the Access Network Only option for the Local Playback Security setting (File > Publish Settings > Flash tab) in the Flash authoring tool.

Note: The wildcard value does not work for subdomains. For example, you cannot use *.foo.com for the domains parameter. While you can specify a subdomain with a wild card value for a cross domain policy file (as in *.foo.com), you can't use a wildcard value that way for the allowInsecureDomain() method.


Throws
SecurityError — Calling this method from code in the AIR application security sandbox causes a SecurityError exception to be thrown. Content outside of the application security sandbox cannot cross-script content in the application security sandbox.

See also

loadPolicyFile

()method 
public function loadPolicyFile(url:String):void

Runtime Versions: AIR 1.0,

Looks for a policy file at the location specified by the url parameter. Adobe AIR and Flash Player use policy files to determine whether to permit applications to load data from servers other than their own. Note that even though the method name is loadPolicyFile(), the file isn't actually loaded until a network request that requires a policy file is made.

With Security.loadPolicyFile(), Flash Player or AIR can load policy files from arbitrary locations, as shown in the following example:

     air.Security.loadPolicyFile("http://www.example.com/sub/dir/pf.xml");

     

This causes Flash Player or AIR to attempt to retrieve a policy file from the specified URL. Any permissions granted by the policy file at that location will apply to all content at the same level or lower in the virtual directory hierarchy of the server.

You can use loadPolicyFile() to load any number of policy files. When considering a request that requires a policy file, Flash Player or AIR always waits for the completion of any policy file downloads before denying a request. As a final fallback, if no policy file specified with loadPolicyFile() authorizes a request, Flash Player or AIR consults the original default locations.

When checking for a master policy file, Flash Player waits three seconds for a server response. If a response isn't received, Flash Player assumes that no master policy file exists. However, there is no default timeout value for calls to loadPolicyFile(); Flash Player assumes that the file being called exists, and waits as long as necessary to load it. Therefore, if you want to make sure that a master policy file is loaded, use loadPolicyFile() to call it explicitly.

You cannot connect to commonly reserved ports. For a complete list of blocked ports, see "Restricting Networking APIs" in the ActionScript 3.0 Developer's Guide.

Using the xmlsocket protocol along with a specific port number lets you retrieve policy files directly from an XMLSocket server, as shown in the following example. Socket connections are not subject to the reserved port restriction described above.

     air.Security.loadPolicyFile("xmlsocket://foo.com:414");

     

This causes Flash Player or AIR to attempt to retrieve a policy file from the specified host and port. Upon establishing a connection with the specified port, Flash Player or AIR transmits <policy-file-request />, terminated by a null byte. The server must send a null byte to terminate a policy file, and may thereafter close the connection; if the server does not close the connection, Flash Player or AIR does so upon receiving the terminating null byte.

For more information related to security, see the Flash Player Developer Center Topic: Security.

Parameters

url:String — The URL location of the policy file to be loaded.

See also

showSettings

()method 
public function showSettings(panel:String = "default"):void

Runtime Versions: AIR 1.0,

Displays the Security Settings panel in Flash Player. This method does not apply to content in Adobe AIR; calling it in an AIR application has no effect.

Parameters

panel:String (default = "default") — A value from the SecurityPanel class that specifies which Security Settings panel you want to display. If you omit this parameter, SecurityPanel.DEFAULT is used.

Constant Detail

APPLICATION

Constant
public static const APPLICATION:String = "application"

Runtime Versions:  1.0

The file is running in an AIR application, and it was installed with the package (the AIR file) for that application. This content is included in the AIR application resource directory (where the application content is installed).

See also

LOCAL_TRUSTED

Constant 
public static const LOCAL_TRUSTED:String = "localTrusted"

Runtime Versions: AIR 1.0,

The file is a local file and has been trusted by the user, using either the Flash Player Settings Manager or a FlashPlayerTrust configuration file. The file can read from local data sources and communicate with the Internet.

See also

LOCAL_WITH_FILE

Constant 
public static const LOCAL_WITH_FILE:String = "localWithFile"

Runtime Versions: AIR 1.0,

The file is a local file, has not been trusted by the user, and it is not a SWF file that was published with a networking designation. In Adobe AIR, the local file is not in the application resource directory; such files are put in the application security sandbox. The file may read from local data sources but may not communicate with the Internet.

See also

LOCAL_WITH_NETWORK

Constant 
public static const LOCAL_WITH_NETWORK:String = "localWithNetwork"

Runtime Versions: AIR 1.0,

The file is a local file, has not been trusted by the user, and it is a SWF file that was published with a networking designation. The file can communicate with the Internet but cannot read from local data sources.

See also

REMOTE

Constant 
public static const REMOTE:String = "remote"

Runtime Versions: AIR 1.0,

The file is from an Internet URL and operates under domain-based sandbox rules.

See also