How does Flash handle secure information?
Standard browser and HTTP security features
Flash relies on standard browser and HTTP security features. If you want to support secure passwords in Flash, you must request a password from the user and then submit it to a server with a POST operation using an https: URL. The web server can then indicate whether the password is valid. Flash offers the same security that is available with standard HTML. You should follow the same rules that you follow when building secure HTML websites.
When playing a Flash movie in a web browser, you can only load data into to the movie from a file that is on a server in the same subdomain. This prevents Flash movies from being able to download information from other people's servers.
Additional Information
For more information on security, see:
- External data not accessible outside a Flash movie's domain (TechNote 14213)
- Loading data across domains (TechNote 16520)
- Flash Player 9 security white paper
For specific security issues and concerns, visit the Security advisories page.
This content requires Flash
To view this content, JavaScript must be enabled, and you need the latest version of the Adobe Flash Player.
Download the free Flash Player now!
