Security

Security is a key concern of Adobe, users, website owners, and content developers. For this reason, Adobe® Flash® Player and Adobe® AIR™ include a set of security rules and controls to safeguard the user, website owner, and content developer. This discussion covers the security model for SWF files published with ActionScript 3.0 and running in Flash Player 9.0.124.0 or later, and SWF, HTML, and JavaScript files running in AIR 1.0 or later, unless otherwise noted.

This discussion provides an overview of security; it does not try to comprehensively explain all implementation details, usage scenarios, or ramifications for using certain APIs. For a more detailed discussion of Flash Player security concepts, see the Flash Player Developer Center topic "Security" at www.adobe.com/go/devnet_security_en.

• Flash Platform security overview
• Security sandboxes
• Permission controls
• Restricting networking APIs
• Full-screen mode security
• Full-screen interactive mode security
• Loading content
• Cross-scripting
• Accessing loaded media as data
• Loading data
• Loading embedded content from SWF files imported into a security domain
• Working with legacy content
• Setting LocalConnection permissions
• Controlling outbound URL access
• Shared objects
• Camera, microphone, clipboard, mouse, and keyboard access
• AIR security