Dear Security Warning: Where are you….!
May 30th, 2007 by 
Jaap Kooiker
A couple of days ago I struggled with (at the time) seemed a strange problem.
I had a main application which on it’s part loaded new applications (sub swf’s). Both (the main and the sub) swf’s where on my local machine at the time of development and both swf’s used (besides many other classes) the same (from the same package) static class with static functions. Let’s say the Class had a counter which whenever called, a function called countUp() traced the current count, like so:
public static function countUp():Void{
trace(”current count: “+Sample.countUp++);
}
(output : current count: 1)
(output : current count: 2)
(output : current count: 3)
(output : current count: 4) and so on…
For now everything worked fine. So at the end of the day I uploaded all the swf’s to a test server. The next morning I started with a glimps at the victory I achieved the day before. I did this by compiling the main application and discovered it wasn’t working anymore. The output for an instance would be this:
(output : current count: 1)
(output : current count: 2)
(output : current count: 3)
(output : current count: 4)
and when the external loaded swf called the static method
(output : current count: 1)
(output : current count: 2)
(output : current count: 3)
After that the main application called the static method which resulted in this
(output : current count: 5)
(output : current count: 6)
(output : current count: 7)…
Somehow the two swf’s used a different static class??? At that time I had a big questionmark above my head and got up to get some coffee first.
While drinking my coffee I re-tested the whole on the test server and it worked fine…what the… After some struggeling I remembered that the XML for the main application had Urls to the sub swf’s. Of course these sub swf’s where comming from the server. Maybe that is the problem? I discussed this with a colleague of mine and we concluded flash does this (as in the sample above) for security reasons (of course). This way it is not possible for another external swf to manipulate the classes from another server. It’s all seems so logical now…
So from an interaction design point of view:
If there only was a Sercurity Warning in the flash output panel….
Jaap Kooiker
Posted in Actionscript 2.0, Did you know?, Experiments, Flash 8, Interaction Design | 
February 15th, 2009 at 2:00 pm
// Counter.as
class Counter {
public static var count:Number = 0;
public static function getCount( Void ):Number {
return ( count++ );
}
}
// Loader.fla
import Counter;
System.security.allowDomain( “*” );
// ==================== NOTE =========================
// Loader.swf is on http://www.shhsun.com:8080/loader/
// ProxyLoader.swf is on http://www.sshc625.com:8080/loadee/
// Loadee.swf is on http://www.sshc625.com:8080/loadee/
var listenerObject:Object = new Object();
listenerObject.click = function(eventObject:Object):Void {
myTextInput.text = “Loader : ” + Counter.getCount();
};
myButton.addEventListener(”click”, listenerObject)
var url:String = “http://www.sshc625.com:8080/loadee/ProxyLoader.swf”
var mc:MovieClip = _root.createEmptyMovieClip(”mc”, 1);
var mcl:MovieClipLoader = new MovieClipLoader();
var listener:Object = new Object();
listener.onLoadInit = function( target:MovieClip ):Void {
Function(target[”redirect”]).apply(null, [”Counter”, _global[”Counter”]]);
var mcl2:MovieClipLoader = new MovieClipLoader();
url = “http://www.sshc625.com:8080/loadee/Loadee.swf”
mcl2.loadClip( url, mc );
};
mcl.loadClip(url, mc);
mcl.addListener(listener);
// ProxyLoader.fla
System.security.allowDomain(”*”);
function redirect(path:String, package:Object):Void{
_global[path] = package;
}
// Loadee.fla
import Counter;
System.security.allowDomain( “*” );
var listenerObject:Object = new Object();
listenerObject.click = function(eventObject:Object):Void {
myTextInput.text = “Loadee : ” + Counter.getCount();
};
myButton.addEventListener(”click”, listenerObject)