flash (macromedia): Hi,

I have a problem accessing variables in mc's and I must assume that it is
down to Flash Player 7 as this has not come up before. I am on a deadline,
and need this resolving some way or the other, any help is very much
appreciated.

I have had similar problems with previous versions of Flash Player, going
back to Flash 5 I think, but they were resolved with **
System.security.allowDomain("domain name"); ** - this does not seem to be
the case with FP7!!!!!!!

I have tested in MX Pro and MX, both with the same problems, the only common
factor is FP7.

The problem is as follows

I need to place a swf file (eventually it will be embedded in SWF Studio) on
the desktop. The desktop based swf loads a local xml file with client
details and then loads a swf from the net. The swf from the net then uses
the data from the local xml file to load a remote, client specific xml file.
(Setting it up this way means that I only need to update the xml file that
gets shipped out with the App, no need to change the fla, and I can update
the structure of the communal remote swf rather than sending out updates to
clients etc).

When my remote swf is loaded into the local swf it is unable to access the
xml data, or any other variables for that matter. I have tried a few tests
and the two movies just cannot communicate although the loading process is
completed ok.

When I test in MX Pro I get the following output :

*** Security Sandbox Violation ***
SecurityDomain 'http://www.pompeyd.net/Test/Test2.swf' tried to access
incompatible context
'file:///C|/Documents%20and%20Settings/PompeyD%20Ltd/Desktop/PompeyD%20Ltd/T
ests/Test.swf'

When I test in MX I get no output other than requested trace actions.

I have checked the help files and although they say the following :

System.security.allowDomain()
Availability
Flash Player 6; behavior changed in Flash Player 7.

The help files do not resolve this issue. The only difference I can see
between the behaviour in FP6 and FP7 is in relation to secure domains, which
is not what I am working with for this.

I would sincerely appreciate any help anyone can give on this issue.

Thanks

Paul Hollyer

[quoted text, click to view]

did you check ?

Urami,

I checked the article, tried a few tests, resolved the problem, and found
that the article, and the security is a load of Bo**ocks.

Here's why,

I have Desktop.swf on my desktop loading Remote.swf from my domain.

I have the following code in Remote.swf :

System.security.allowDomain("www.myDomain.net");

If Desktop.swf now loads Remote.swf interaction is NOT allowed.

If I place the same System code in my Desktop.swf and REMOVE the System code
from my Remote.swf guess what, INTERACTION IS ALLOWED!!!

So, judging by this, as long as the security code is in the swf that is
DOING the loading, ie my Desktop.swf, then interaction is allowed. Where is
the security in that? Anyone can place the security code in their swf's and
load ANY swf from my domain AND interact with it.

This may only relate to desktop based swf's I have not tested cross urls
yet, but I will. Even if this does only relate to desktop swf's it is still
a major INSECURITY, especially considering the amount of Flash work that is
now being done specifically for the desktop - SWF Studio, Flash Jester, etc
etc etc.

I have sent feedback on the article to MM, and thanks for pointing me in the
direction of the article, it is a shame that once again MM fall short in
their literature and foresight.

Thanks again

Paul Hollyer
PompeyD Ltd

[quoted text, click to view]

[quoted text, click to view]

Actually the domain restriction does not apply to desktop .
Only for files running within domains.
system.security does not have much use on desktop because you not on any domain .
It is mostly to be use if you load or send variables , not actual swf movies.
We could load or send variable to others files , like submitting high scores to other sites for instance .
That's what's the security is for . Even tho it is still not any good , simple PHP can make variable appear
local and in the same time avoid all security bounding to the domain .

By the way , if you find something interesting , exceptions in which it does or does not work etc... please do post . I did not really investigate
that but would be great to
know for the future reference .

Thank you

Have a nice day


Regards

urami_*



<lsym>

There's no place like 127.0.0.1