Erica Norton of the Flash Player Team wrote an interesting post in the flashcoders list about the upcoming changes in the Flash 8 security restrictions.
I’m copying here parts of that post:
In Flash Player 8, the rules are:
- local with file system content may only communicate with other local content
- local with networking content may only communicate with remote content
- trusted content may communicate with both local and remote content
The first 2 types will be publishable. For those that do not upgrade their Authoring tool, we will be providing a command line utility to convert SWFs to local with networking SWFs (and vice versa).
There will be 2 mechanisms for trusting content.
The first, many of you have seen: the Settings Manager. The second method is in the form of .cfg files placed in a specific location for the Flash Player to read.
This will enable distributors of local content, via an installer for example, to install a .cfg file to the appropriate location, thereby trusting the content. One could also provide an updater to an already distributed bit of content in order to trust those documents this way.
Please note, that one may trust a directory, which trusts all content recursively below that directory.
There will also be an API available in ActionScript in order to detect which of the 4 sandbox types that the SWF is (remote or local: local with file system, local with networking, trusted) so that in ActionScript you can do one thing or another.