views:

62

answers:

0

Seems to be a question for a Flash security guru.

Suppose we are loading an external SWF movie with MovieClipLoader.loadMovie(url:String) Is it safe to assume that if url starts with "http://", the movie will be loaded in REMOTE sandbox?

We need to tell local SWFs from remote ones to close a security hole.

If you need the context read on.

We have developed a Projector, written in C++ embedding Flash Player ActiveX. Our Flash application runs inside the Projector. Soon we want to give our users a way to create plugins for the application. The plugins are obviously will be SWF movies.

The case I'm afraid of is the following. A bad person creates a malicious evil.swf pretending it to be nice plugin for our app. In case evil.swf is loaded from the local file system it is granted an access to the whole MovieClip tree and Projector API, opening C++ file access operations.

On the other hand if evil.swf is loaded from the internet, remotely, it will be locked in REMOTE sandbox by Flash security model.

Because of this, we need a reliable way to tell local SWF from remote one before loading it. And we must not make a mistake.

So again, is it safe to assume that if url begins with "http://", the clip will be loaded inside REMOTE sandbox?