Running Flash Locally

Introduction

I’ve been developing the new ActionScript 3.0 (”’AS3”’) Template, which will include, if feasible the ability to run Flash Content locally. (This will be content from a local hard-drive, or CDROM ).

Flash has always had an emphais on security, which has the effect of disabling the functionalty of local content within a browser. This means that an HTML file with SWF content that works from an HTTP address will not work when run from a local file.

For information see: flash_player_9_security.pdf

Sandbox

To quote Macromedia …[The] sandbox provides a restricted area that “surrounds” the player and restricts access to private data…

For more information see: Macromedia Flash Security Sandbox

The flash.system.Security Class within the AS3 API is responsable for the Security Settings. The call Security.sandboxType will get the current sandbox.

System.security.sandboxType has one of the following values:

  1. remote (Security.REMOTE) This file is from an Internet URL and operates under domain-based sandbox rules.
  2. localWithFile (Security.LOCAL_WITH_FILE) This file is a local file, has not been trusted by the user, and it is not a SWF file that was published with a networking designation. The file may read from local data sources but may not communicate with the Internet.
  3. localWithNetwork (Security.LOCAL_WITH_NETWORK) This SWF file is a local file, has not been trusted by the user, and was published with a networking designation. The SWF file can communicate with the Internet but cannot read from local data sources.
  4. localTrusted (Security.LOCAL_TRUSTED) This file is a local file and has been trusted by the user, using either the Flash Player Settings Manager or a FlashPlayerTrust configuration file. The file can read from local data sources and communicate with the Internet.
  5. application (Security.APPLICATION) This file is running in an AIR application, and it was installed with the package (AIR file) for that application. By default, files in the AIR application sandbox can cross-script any file from any domain (although files outside of the AIR application sandbox may not be permitted to cross-script the AIR file). By default, files in the AIR application sandbox can load content and data from any domain.

(The above is quoted from sandboxType in the Flash 9.0 API)

-> The localTrusted is the sandboxType we want for local access.

Solutions

So far I’ve found two methods to override the default secutity settings,

  1. Global security settings for content creators
    See:Global security settings for content creators
    Here the user can define the specific location to trust or set to ‘always allow’
  2. Set the Trusted Locations in the mms.cfg file
    This file on a PC is buried in this location C:\WINDOWS\system32\Macromed\Flash\FlashPlayerTrust

    If the file is not present one can be written and saved use your favourite text editor.
    In my case I wrote the following:

     # Trust files in the following directories:
     C:\Documents and Settings\rwenban\PENDING\local_video_test

Conclusions

Neither solution is satisfactory, in the respect that the end-user is required to change user settings. I’m currently researching:

  1. Can the Flash Player can look within another location for the mms.cfg file?
  2. For critical Flash content a Projector could be used.

———————————————————————————————————————-

Notes and Links

Descriptions of Flash Player error codes can be found at: errors-content

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s