I’ve been developing the new ActionScript 3.0 (”’AS3”’) Template, which will include, if feasible the ability to run Flash Content locally. (This will be content from a local hard-drive, or CDROM ).
Flash has always had an emphais on security, which has the effect of disabling the functionalty of local content within a browser. This means that an HTML file with SWF content that works from an HTTP address will not work when run from a local file.
For information see: flash_player_9_security.pdf
To quote Macromedia …[The] sandbox provides a restricted area that “surrounds” the player and restricts access to private data…
For more information see: Macromedia Flash Security Sandbox
The flash.system.Security Class within the AS3 API is responsable for the Security Settings. The call Security.sandboxType will get the current sandbox.
System.security.sandboxType has one of the following values:
- remote (Security.REMOTE) This file is from an Internet URL and operates under domain-based sandbox rules.
- localWithFile (Security.LOCAL_WITH_FILE) This file is a local file, has not been trusted by the user, and it is not a SWF file that was published with a networking designation. The file may read from local data sources but may not communicate with the Internet.
- localWithNetwork (Security.LOCAL_WITH_NETWORK) This SWF file is a local file, has not been trusted by the user, and was published with a networking designation. The SWF file can communicate with the Internet but cannot read from local data sources.
- localTrusted (Security.LOCAL_TRUSTED) This file is a local file and has been trusted by the user, using either the Flash Player Settings Manager or a FlashPlayerTrust configuration file. The file can read from local data sources and communicate with the Internet.
- application (Security.APPLICATION) This file is running in an AIR application, and it was installed with the package (AIR file) for that application. By default, files in the AIR application sandbox can cross-script any file from any domain (although files outside of the AIR application sandbox may not be permitted to cross-script the AIR file). By default, files in the AIR application sandbox can load content and data from any domain.
(The above is quoted from sandboxType in the Flash 9.0 API)
-> The localTrusted is the sandboxType we want for local access.
So far I’ve found two methods to override the default secutity settings,
- Global security settings for content creators
See:Global security settings for content creators
Here the user can define the specific location to trust or set to ‘always allow’
- Set the Trusted Locations in the mms.cfg file
This file on a PC is buried in this location C:\WINDOWS\system32\Macromed\Flash\FlashPlayerTrust
If the file is not present one can be written and saved use your favourite text editor.
In my case I wrote the following:
# Trust files in the following directories: C:\Documents and Settings\rwenban\PENDING\local_video_test
Neither solution is satisfactory, in the respect that the end-user is required to change user settings. I’m currently researching:
- Can the Flash Player can look within another location for the mms.cfg file?
- For critical Flash content a Projector could be used.
Notes and Links
Descriptions of Flash Player error codes can be found at: errors-content