When you launch a FB SWF from the file system, it has been set up to run in local-with-networking security mode. This most closely resembles the environment you will run in on the web. The folders in your projects directories are trusted, otherwise you'd get security errors accessing jpgs in your assets folder and what not. Unfortunately, there is no "domain" when you're launched off the file system so we can't use crossdomain.xml to filter out what's ok.
However, there are so many degrees of difference between running off the file system vs the web that the only true test of your app is when you deploy it to a server. There you will not only find security permissions issues, but also whether you copied all other external assets properly, timing issues involving download times and asynchronicity etc. For example, when your app loads another SWF, in local mode the SWF is guaranteed to finish loading before the next frame. On the net it isn't. It would be great if we could block remote-server permissions according to crossdomain.xml, so you could see what you can and can't get to right away, but a couple of rules of thumb are to 1) do quick prototypes and deploy them to make sure you have permission, and/or 2) assume you don't have permission to anything remote. -Alex ________________________________ From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of Tracy Spratt Sent: Wednesday, March 21, 2007 11:19 AM To: [email protected] Subject: RE: [flexcoders] Re: Security error accessing url I do not know this as a certainty, but I suspect when FB installs, it puts itself in a "trusted" sandbox/folder. The trusted sandbox allows access to both local and network assets. Search the livedocs for "security sandbox" for more detail on that. Tracy ________________________________ From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of Paul Barbieux Sent: Wednesday, March 21, 2007 6:48 AM To: [email protected] Subject: [flexcoders] Re: Security error accessing url Hi; The discussion about the security access on a web service contains a lot of responses and solutions. But I don't find any explanations about the question number 1: why we have no access problem when we test our application in the Flex Builder environment, and then we receive a lot of security access problem when the application run on clients ? So, what is the difference between the Flash application running in Flex Builder and this Flash running out of this environment ? Is that means that in Flex Builder the Flash application doesn't access the famous crossdomain.xml ?! I think that this diffrence between the development and the client environment is a great problem for Flex devloppers ! It means that if our application runs on our computer, we have no garanty that it's ok for clients !
