1. Home
  2. Macromedia
  3. Flash hacks. 100 industrial-strength tips & tools

Handling Local Executables

Users who are not suspicious of executables received over the Web won't have fully functioning computers for long. To prevent the Flash Player from running virulent code, the ActionScript environment is under strict control. A SWF running in the Flash Player plugin or ActiveX control in a browser is not allowed to run an executable on the user's machine, such as by using fscommand("exec").

However, a SWF file running in the Standalone Flash Player (a separate executable sometimes called a Projector) is allowed to execute external applications using fscommand("exec"), as described at http://www.macromedia.com/support/flash/ts/documents/fscommand_projectors.htm. Like any desktop application, the Standalone Flash Player constitutes a potential security risk. To reduce the risk, Macromedia allows fscommand("exec") to execute a file only if it is stored within a subfolder named FSCOMMAND (case-insensitive) within the folder containing the Flash Projector.

Now that you understand some of the security issues surrounding Flash, let's look at some of the hacks to help you protect your content [Hack #98] against likely angles of attack [Hack #97] .



    		Chapter 1. Visual Effects
    		Chapter 2. Color Effects
    		Chapter 3. Drawing and Masking
    		Chapter 4. Animation
    		Chapter 5. 3D and Physics
    		Chapter 6. Text
    		Chapter 7. Sound
    		Chapter 8. User Interface Elements
    		Chapter 9. Performance and Optimization
    		Chapter 10. ActionScript
    		Chapter 11. Browser Integration
    		Chapter 12. Security
    		Hacks #97-100
    		Privacy Settings
    		Cross-Domain Policy
    		Handling Local Executables
    		Hack 97 Recover Content from a SWF
    		Hack 98 Protect and Obfuscate Your Flash Files
    		Hack 99 Make Your SWF Phone Home
    		Hack 100 Review Compiled ActionScript