November 21, 2008
MAX2008: Maintain Security With Adobe AIR
That was the title of the session I did with Peleus Uhley on Wednesday. It's always fun to talk about security, especially with such an informed audience. Hopefully it was fun for them, too.
It's taken longer than I'd hoped but the slides are available here as PDF.
Or, just check them out below!
Posted by emalasky at November 21, 2008 6:43 PM
Comments
Hi Ethan,
I seem to have hit a brick wall with the security in AIR. I need to download and load in swf modules at runtime, but I want to keep them inside a network AND filesystem restricted sandbox, giving them access to methods via a parentSandboxBridge.
However it seems the normal method of loading modules only works for modules bundled at compile time, and the only way to load modules in at runtime from outside the AppDirectory is to allowLoadBytesCodeExecution which gives full access.
Is there any way I can get AIR to let me run downloaded modules in a sandbox?
Thanks
Rob
Posted by: RobMcM at February 5, 2009 10:13 AM
Flex 3.2 supports modules that are not imported into the loader's SecurityDomain. This means that an AIR app can load local untrusted modules from the filesystem without getting SecurityError exceptions.
Posted by: Ethan at February 5, 2009 10:27 AM
If I do this using the ModuleManager.getModule( file.url ) where file is an instance of the File class resolved to my Flex swf () I get the following error:
"SWF is not a loadable module"
There is an explanation here:
http://blogs.adobe.com/aharui/2007/03/swf_is_not_a_loadable_module.html
However as this is coming from a local file:// url I can't expose a cross domain policy file.
I also can't add sandbox bridges, or security/app domains as it's not loaded using the Loader class.
Any more info would be really helpful, any reference to bridges is in HTML. Thanks
Posted by: RobMcM at February 6, 2009 5:05 AM