SWHX and security sandbox

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

SWHX and security sandbox

Juan Delgado
Hi there,

Got an email from an HippoHX user (yay! Yes I'm still at the stage
where I'm happy to receive even private mails about HippoHX) asking
about why LoadVars wasn't working. I thought it could be related to
the security sandbox nightmare.

Long story short, it seems SWHX automatically instantiates the player
in the "localTrusted" sandbox which I guess it's nice because it's the
most relaxed policy.  I took a look to SWHX sources (flash_dll.c, you
have to love Open Source) and this seems to be true. Am I right?

Ta!

Juan

--
Juan Delgado - Zárate
http://zarate.tv
http://dandolachapa.com
http://loqueyosede.com

--
haXe - an open source web programming language
http://haxe.org
Reply | Threaded
Open this post in threaded view
|

Re: SWHX and security sandbox

Nicolas Cannasse
Juan Delgado a écrit :

> Hi there,
>
> Got an email from an HippoHX user (yay! Yes I'm still at the stage
> where I'm happy to receive even private mails about HippoHX) asking
> about why LoadVars wasn't working. I thought it could be related to
> the security sandbox nightmare.
>
> Long story short, it seems SWHX automatically instantiates the player
> in the "localTrusted" sandbox which I guess it's nice because it's the
> most relaxed policy.  I took a look to SWHX sources (flash_dll.c, you
> have to love Open Source) and this seems to be true. Am I right?

I think that localTrusted or network mode is set in the SWF informations
directly, it's not specified by SWHX.

Flash checks security before forwarding the LoadVars call to the SWHX
Api, and I'm not sure how we can tell it to ignore all security since
it's handled directly at the application level in swhx.Flash.getURL

Nicolas

--
haXe - an open source web programming language
http://haxe.org