Flash Security Policy guidelines

Document last update Feb 19th, 2008

» Introduction:

The Flash Player comes with an integrated mechanism (the "Security Sandbox") that protects the user from possible malicious code inside the SWF file. The sandbox restricts the access only to those resources available in the same domain where the SWF file was loaded from.
While this is a great protection system to avoid unwanted file/network accesses, it can also be a show-stopper for applications that need to obtain different resources from different locations (local media, remote media, remote socket connections, remote web pages).

The Flash Player provides configurable policy-files that can be served in multiple ways to enable the access to external resources. In this document we provide a number of recommended procedures to enable SmartFoxServer client applications successfully work with these security restrictions.

NOTE: The following guidelines apply to all SWF files running in a web page or in the standalone Flash Player.
When running in the Flash IDE or in a projector the sandbox restrictions do not apply.

» How the security model works:

There are a lot of articles and documents directly from Adobe that discuss this topic in detail.
Instead of repeating the same things in this page we recommend checking the original resources in the list below.
If you're completely new to this topic we suggest reading at least the first three articles to get started:

» SmartFoxServer connection guidelines: