Straight from Xcelsius Best Practices: Flash Security

If you are encountering issues while opening a local SWF or a SWF hosted on a web server, make sure the Flash Player security settings are set accordingly. Below are the instructions on how to change the Flash Player security settings.

Note: This information is from the White Paper “Xcelsius 2008 General Best Practices” written by Matt Lloyd.

Running a SWF from Your Desktop – Make the SWF Trusted

If you export to Microsoft PowerPoint, Microsoft Word, HTML, or to your desktop to run the SWF, you may find the SWF does not work if you try to retrieve data or try to navigate to a Web page because of the Adobe Flash security restrictions.
To run this SWF on your desktop, you need to make it trusted, so it can access Web sites or local data.

Note: You can make a SWF trusted using the Global Settings Manager (if you have Internet access) or with a FlashPlayerTrust configuration file.

To make a SWF trusted using the Global Settings Manager:

  1. Run the SWF.
  2. Right-click on the SWF to see a context menu and select Settings…
  3. Select the Privacy tab.
  4. Click Advanced… (opens in a new window).
  5. Select Global Security Settings Panel (in the Table of Contents).
  6. Add this SWF as trusted location.
  7. Close the browser and reload the SWF.

Running a SWF Hosted on a Web Server –Use a Cross-Domain Policy File

If you host your SWF on a Web server, make sure that any Web server you need to connect to for live data has a cross-domain policy file in the Web server root (the location of the root folder differs for each Web server). If you do not, then you may not be able to connect to the Web server to get data when you run the SWF hosted on your Web server.

The cross-domain policy file controls which SWFs running in which domains can access your Web server.

The below code presents an example of a cross-domain policy file that lets any SWF running on any domain access your Web server. This file needs to be placed on the root of your Web server.

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
<allow-http-request-headers-from domain="*"
headers="*" secure="false" />
<allow-access-from domain="*" secure="false" />
  • shajeer

    Hi ,
    This is regarding your article Flash security,
    I have a problem to publish my SWF file.
    Here is the problem
    I hosted the SWF file on to my server dxbafww03:7003, and it is working fine when I type the URL on browser like http://dxbafww03:7003/,
    But I have created an alias name to this server path, for example, and when access through this path, the SWF file is not returning data from database.
    Any idea, why?


  • Recientemente adquirí Xcelsius Present 2008, pero al instalarlo en mi PC cuando me solicita el la llave de activación y le coloco la que me proporcionaron al comprar el programa en me aparece un error, mi PC tiene Windows Vista de 32 Bits.

    Si alguien me puede orientar al respecto por favor le agradecería ayuda para solventar dicho inconveniente al momento de completar la instalación.

    (Translated in English by the Admin)

    Recently purchased Xcelsius Present 2008, but when installing on my PC when I requested the activation key and places that I gave to buy the program I get an error, my PC has Windows Vista 32 bits.

    If someone can guide me in this regard would you please help solve this problem when installation is complete.

  • What error message do you get?

  • Oscar V

    Thanks so much for this.