In Flash Player 6, the domain that is used for certain Flash
Player settings is based on the trailing portion of the domain of
the SWF file. These settings include settings for camera and microphone
permissions, storage quotas, and storage of persistent shared objects.
If the domain of a SWF file includes more than two segments,
such as www.example.com, the first segment of the domain (www) is
removed, and the remaining portion of the domain is used. So, in
Flash Player 6, www.example.com and store.example.com both use example.com
as the domain for these settings. Similarly, www.example.co.uk and
store.example.co.uk both use example.co.uk as the domain for these
settings. This can lead to problems in which SWF files from unrelated
domains, such as example1.co.uk and example2.co.uk, have access
to the same shared objects.
In Flash Player 7 and later, player settings are chosen by default
according to a SWF file’s exact domain. For example, a SWF file
from www.example.com would use the player settings for www.example.com.
A SWF file from store.example.com would use the separate player
settings for store.example.com.
In a SWF file written using ActionScript
3.0, when
Security.exactSettings
is set to
true
(the
default), Flash Player uses exact domains for player settings. When
it is set to
false
, Flash Player uses the domain
settings used in Flash Player 6. If you change
exactSettings
from
its default value, you must do so before any events occur that require
Flash Player to choose player settings—for example, using a camera
or microphone, or retrieving a persistent shared object.
If you published a version 6 SWF file and
created persistent shared objects from it, to retrieve those persistent
shared objects from a SWF that uses ActionScript 3.0, you must set
Security.exactSettings
to
false
before
calling
SharedObject.getLocal()
.
