Press/Analyst Contacts Matt Rozen Adobe Systems Incorporated 415-832-2268 mrozen@adobe.com Craig Corica A&R Edelman 650-762-2917 ccorica@ar-edelman.com

FOR IMMEDIATE RELEASE

Adobe Flash Player 10 Now Available
Innovative New Features and Adobe Creative Suite 4 Integration Enable Breakthrough Web Experiences
SAN JOSE, Calif. Oct. 15, 2008 Adobe Systems Incorporated (Nasdaq:ADBE) today announced the immediate availability of Adobe Flash Player 10 software. Interactive designers and developers can leverage the new expressive features and visual performance improvements in Flash Player 10 for unprecedented creative control to deliver the most compelling Web applications, interactive content and high quality video to users across multiple browsers and all major operating systems. Designers and developers know if they deliver video, online games, rich Internet applications (RIAs) and other interactive experiences using Adobe Flash Player, they can reliably reach the entire Web, said David Wadhwani, general manager and vice president of the Platform Business Unit at Adobe. Flash Player 10 continues to set the pace for Internet innovation, and were excited to see how the community is already using it to create an entirely new class of experiences not previously achievable on the Web. Adobe Flash Player 10 builds on the capabilities of the worlds most pervasive application runtime with new support for custom filters and effects, native 3D transformation and animation, advanced audio processing, and GPU hardware acceleration. Building on over 25 years of Adobe expertise with text, the highly flexible new text engine in Flash Player 10 provides interactive designers and developers with more text layout options and better creative control. Adobe Flash Player 10 also extends the expressive capabilities of the Adobe Creative Suite 4 product line (also available today see separate press release) with new levels of Adobe Flash technology integration to streamline collaboration and enhance the design/develop workflow. Interactive designers and developers can create custom filters and effects with Adobe Pixel Bender, which is the same technology behind many filters and special effects in Adobe After Effects CS4 software. Developers targeting Adobe Flash Player 10 can use these filters, blend modes and fills to animate effects or change the effect on rich media content at runtime. Flash Player 10 also enables new capabilities and performance improvements in Adobe Flash CS4 Professional, the industrys most advanced authoring environment for creating interactive experiences. This includes easy-to-use 3D effects that enable designers to design in 2D and easily transform and animate in 3D.
Page 2 of 2 Adobe Flash Player 10 Now Available
Our clients expect innovation, said Tim Barber, partner and creative director for Odopod, a leading design studio and member of the Society of Digital Agencies (SoDA). With the improved visual performance and awesome new 3D effects in Adobe Flash Player 10, we can now use Adobe Flash CS4 Professional to create cool Web experiences that were previously impossible. For us, this means fewer boundaries to the creative process. Adobe Flash Player delivers unparalleled creative options, highly engaging user experiences, stunning audio/video playback, and virtually universal reach across operating systems. Flash Player content reaches over 98 percent of Internet-enabled desktops. More than 80 percent of online videos worldwide are viewed using Adobe Flash technology, making it the number one format for video on the Web. Adoption of a previous update to Flash Player 9 set all-time records by achieving nearly 90 percent reach on Internet-enabled desktops in less than nine months and Flash Player 10 is expected to achieve a similar adoption rate. Innovations introduced in Adobe Flash Player 10 will contribute to future Open Screen Project efforts, such as work that will bring Flash Player 10 to mobile devices. The Open Screen Project is an industry-wide initiative to deliver rich multi-screen experiences built on a consistent runtime environment for open Web browsing and standalone applications across personal computers, mobile devices, and consumer electronics. More information about the Open Screen Project is available at www.openscreenproject.org. To learn more about the new features and read what designers and developers are saying about Adobe Flash Player 10, visit www.adobe.com/products/flashplayer/.

Availability

Adobe Flash Player 10 is available immediately as a free download for Windows, Macintosh and Linux platforms (including new support for Ubuntu 7 and 8) from www.adobe.com/go/getflashplayer. Support for Solaris is expected later this year. All of the new expressive features and performance improvements introduced in Adobe Flash Player 10 will be available in Adobe AIR later this year for designers and developers to build applications that run outside the browser.
About Adobe Systems Incorporated
Adobe revolutionizes how the world engages with ideas and information anytime, anywhere and through any medium. For more information, visit www.adobe.com. ###
2008 Adobe Systems Incorporated. All rights reserved. Adobe, the Adobe logo, After Effects, Adobe AIR, Creative Suite, Flash and Pixel Bender are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States and/or other countries. All other trademarks are the property of their respective owners.

TECHNICAL PAPER

Adobe Flash Player 10 Administration Guide

Version 1.0 October 2008

2008 Adobe Systems Incorporated. All rights reserved. Adobe Flash Player 10 Administration Guide If this guide is distributed with software that includes an end user agreement, this guide, as well as the software described in it, is furnished under license and may be used or copied only in accordance with the terms of such license. Except as permitted by any such license, no part of this guide may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, recording, or otherwise, without the prior written permission of Adobe Systems Incorporated. Please note that the content in this guide is protected under copyright law even if it is not distributed with software that includes an end user license agreement. The content of this guide is furnished for informational use only, is subject to change without notice, and should not be construed as a commitment by Adobe Systems Incorporated. Adobe Systems Incorporated assumes no responsibility or liability for any errors or inaccuracies that may appear in the informational content contained in this guide. Any references to company names in sample templates are for demonstration purposes only and are not intended to refer to any actual organization. Adobe, the Adobe logo, ActionScript, and Flash are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States and/or other countries. Mac OS is a trademark of Apple Inc., registered in the United States and other countries. Windows is either a registered trademark or a trademark of Microsoft Corporation in the United States and/or other countries. All other trademarks are the property of their respective owners. This product includes software developed by the Apache Software Foundation (http://www.apache.org/). MPEG Layer-3 audio compression technology licensed by Fraunhofer IIS and Thomson Multimedia (http:// www.mp3licensing.com) Speech compression and decompression technology licensed from Nellymoser, Inc. (www.nellymoser.com). Video compression and decompression is powered by On2 TrueMotion video technology. 1992-2005 On2 Technologies, Inc. All Rights Reserved. http://www.on2.com. This product includes software developed by the OpenSymphony Group (http://www.opensymphony.com/). This product contains either BSAFE and/or TIPEM software by RSA Security, Inc. Sorenson Spark video compression and decompression technology licensed from Sorenson Media, Inc.
Adobe Systems Incorporated, 345 Park Avenue, San Jose, California 95110, USA. Notice to U.S. Government End Users. The Software and Documentation are Commercial Items, as that term is defined at 48 C.F.R. 2.101, consisting of Commercial Computer Software and Commercial Computer Software Documentation, as such terms are used in 48 C.F.R. 12.212 or 48 C.F.R. 227.7202, as applicable. Consistent with 48 C.F.R. 12.212 or 48 C.F.R. 227.7202-1 through 227.7202-4, as applicable, the Commercial Computer Software and Commercial Computer Software Documentation are being licensed to U.S. Government end users (a) only as Commercial Items and (b) with only those rights as are granted to all other end users pursuant to the terms and conditions herein. Unpublished-rights reserved under the copyright laws of the United States. Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA. For U.S. Government End Users, Adobe agrees to comply with all applicable equal opportunity laws including, if appropriate, the provisions of Executive Order 11246, as amended, Section 402 of the Vietnam Era Veterans Readjustment Assistance Act of 1974 (38 USC 4212), and Section 503 of the Rehabilitation Act of 1973, as amended, and the regulations at 41 CFR Parts 60-1 through 60-60, 60-250, and 60-741. The affirmative action clause and regulations contained in the preceding sentence shall be incorporated by reference.

Contents

Introduction. 5 Why install Flash Player?. 5 Intended audience. 6 Documentation map. 6 Additional resources. 6 Flash Player and deployment. 7 Design and development tools. 7 Chapter 1: Flash Player Environment. 9 Player files and locations. 9 Firefox/Mozilla plug-in architecture. 10 ActiveX Control on Windows. 10 Additional files.11 Data formats used. 12 Network protocols used. 13 Player processes. 13 Player versions. 14 Chapter 2: Player Installation. 17 Uninstalling Flash Player. 17 Uninstalling on Windows. 18 Uninstalling on Linux. 18 Uninstalling on Macintosh. 18 EXE installation. 18 Active Directory installation. 19 Configuring SMS. 20 SMS and Adobe Catalog installation.27 System requirements for SMS deployment. 28 SMS tools for deploying custom updates. 28 Downloading the Flash Player catalog. 28 Importing the Flash Player catalog. 28 Publishing the Flash Player catalog. 29 Confirming successful publication. 30 Deploying the update. 30 Additional resources. 32

Design and development tools
Adobe provides the following tools for developing SWF files (the file format that executes in Flash Player):
Adobe Flash CS4 Professional (www.adobe.com/products/flash/) In Flash CS4 Professional, designers and developers create FLA files that contain graphical elements, a timeline, and ActionScript code. Both ActionScript 2.0 and ActionScript 3.0 are supported. FLA files are compiled into SWF files.
Adobe Flex (www.adobe.com/products/flex/) In Flex, developers create MXML files that describe the visual and code elements of their applications. They can also use ActionScript 3.0. Both MXML and ActionScript compile into SWF files.

CHAPTER 1

Flash Player Environment
This chapter describes the different environments in which Adobe Flash Player runs, where Flash Player files are stored on the system, processes Flash Player generates, and information on determining which version of the player is installed on a system. This chapter contains the following sections:
Player files and locations. 9 Data formats used. 12 Network protocols used. 13 Player processes. 13 Player versions. 14
Player files and locations
Adobe Flash Player is normally deployed as a browser plug-in or ActiveX control. For each player environment, two versions of Flash Player are availablea Content Debugger version for developers, and a Release version for end users. The Content Debugger player is installed with the development environment. This player implements the same feature set as the Release player, but also displays run-time errors during compilation. Each of these implementations is described in this section.

N OT E

There is also a stand-alone player, but its usually installed by the development tools, not deployed by administrators.
Firefox/Mozilla plug-in architecture
Mozilla, Mozilla-based browsers (such as Firefox), and the Safari browser on the Macintosh use this plug-in.
Windows plug-in filenames and locations
On Windows, files named NPSWF32.dll and flashplayer.xpt are installed. These files are placed in the following directory, along with the ActiveX control. For example: %WINDIR%\System32\Macromed\Flash

If you've renamed the MSI file to avoid command line problems with spaces in the filename, the bootstrap file will no longer work, because the bootstrap file is looking for a specific hard-coded filename. In this case, run the MSI file directly instead.
Launch the installer on the client using quiet mode
If you don't need to customize the installation options, then you can run the installation noninteractively. This method requires with a command line switch, as shown below. When run in this mode, the default options are used for all items that would be presented as choices in the interactive install.
msiexec /i "install_flash_player_9_activeX.msi" /qn
The simple command line syntax shown above works in most cases, but other command line elements and switches are available. A more comprehensive version of the syntax looks like this (to be entered all on one line):
%Comspec% /c msiexec /i "\\network path\install_flash_player_9_activeX.msi" /qn
In both cases, the final /qn switch must be on the same line as the rest of the command. The arguments used in the command line example above are described below.

%Comspec%

is an environment variable provided by Windows. It points to the command interpreter, cmd.exe.
/c is a switch passed to cmd.exe telling the shell to wait until the msiexec.exe command completes before proceeding. Without this switch, the shell will execute subsequent commands before the current command finishes. msiexec.exe
is the Windows installer runtime. When you double-click an MSI file (for example, foo.msi) you are implicitly running msiexec /i foo.msi.
instructs MSIEXEC to install the MSI file listed after the switch. There is also an /x switch that uninstalls the MSI file specified after the /x switch. specifies a user interface level for the action. The /qn switch suppresses all prompts and is therefore useful for silent installations. When attempting to debug, you can switch to /qb, which displays basic modal dialogs.
For more information about command line options available for msiexec, see CommandLine Options in the MSDN Library at msdn.microsoft.com/en-us/library/aa367988.aspx.

Windows (Vista, XP and 2000)
%WINDIR%\System32\Macromed\Flash

Macintosh Linux

/Library/Application Support/Macromedia

/etc/adobe/

Unlike Windows and Macintosh, the Linux player is in a directory named adobe, not in one named Macromed or Macromedia.
You might use third-party administration tools, such as Microsoft System Management Server, to replicate the configuration file to the user's computer. Use the standard techniques provided by your operating system to hide or otherwise prevent end users from seeing or modifying the mms.cfg file on their systems.
Setting options in the mms.cfg file
This section discusses how to format and set options in the mms.cfg file. The value of some mms.cfg options can be queried through the use of ActionScript. When this is possible, the ActionScript API is noted in the options description.

File format

The format of the mms.cfg file is a series of name = value pairs separated by carriage returns. If a parameter is not set in the file, Flash Player either assumes a default value or lets the user specify the setting by responding to pop-up questions, or by using Settings dialog boxes or the Settings Manager. (For more information on how the user can specify values for certain options, see Chapter 4, User-Configured Settings, on page 77.) The options in the mms.cfg file use the following syntax:
ParameterName = ParameterValue
Only one option per line is supported. Specify Boolean parameters either as "true" or "false", or as 1 or 0, or as "yes" or "no". Comments are allowed. They start with a # symbol and go to the end of the line. This symbol can be used to insert comments or to temporarily disable directives. Whitespace is allowed, including blank lines or spaces around equal signs ( = ).

Character encoding

Some mms.cfg directives may have values that include non-ASCII characters, so the character encoding of the file is significant in those cases. We support a standard text file convention: the file may use either UTF-8 or UTF-16 Unicode encoding, either of which must be indicated by including a "byte order mark" (BOM) character at the beginning of the file; if no BOM is found, Flash Player assumes that the file is encoded using the current system default code page. Many popular text editors, including Windows Notepad and Mac TextEdit, are capable of writing UTF-8 or UTF-16 files with BOMs, although you may need to specify that as an option when saving.
Summary of mms.cfg options
The following table summarizes the options available in mms.cfg, in alphabetical order.

Option

AllowUserLocalTrust AssetCacheSize

Description

Lets you prevent users from designating any files on local file systems as trusted. Lets you specify a hard limit, in MB, on the amount of local storage that Flash Player uses for the storage of common Flash components. Lets you prevent Flash Player from automatically checking for and installing updated versions. Lets you specify how often to check for an updated version of Flash Player. Lets you prevent SWF files from accessing webcams or microphones. Lets you prevent information on installed fonts from being displayed. Lets you prevent networking or file system access of any kind. Lets you prevent native code applications that are digitally signed and delivered by Adobe from being downloaded. Lets you enable or disable the use of the Socket.connect() and XMLSocket.connect() methods. Lets you create a whitelist of servers to which socket connections are allowed.

AutoUpdateDisable AutoUpdateInterval AVHardwareDisable DisableDeviceFontEnumeration DisableNetworkAndFilesystemIn HostApp DisableProductDownload

DisableSockets

EnableSocketsTo
EnforceLocalSecurityInActiveXH Lets you enforce local security rules for a specified ostApp application. FileDownloadDisable FileUploadDisable FullScreenDisable LegacyDomainMatching Lets you prevent the ActionScript FileReference API from performing file downloads. Lets you prevent the ActionScript FileReference API from performing file uploads. Lets you disable SWF files playing via a browser plug-in from being displayed in full-screen mode. Lets you specify whether SWF files produced for Flash Player 6 and earlier can execute an operation that has been restricted in a newer version of Flash Player. Lets you specify how Flash Player determines whether to execute certain local SWF files that were originally produced for Flash Player 7 and earlier. Lets you prevent local SWF files from having read access to files on local hard drives. Lets you specify a hard limit on the amount of local storage that Flash Player uses (per domain) for persistent shared objects. Overrides validation of the requirements needed to implement GPU compositing. Creates a list of ProductManager applications that users are not permitted to install or launch. Specifies how the NetStream constructor connects to a server when a value is specified for peerID, the second parameter passed to the constructor. Lets Flash Player make RTMFP connections through the specified TURN server in addition to normal UDP sockets. Lets you specify whether third-party SWF files can read and write locally persistent shared objects.

LocalFileLegacyAction

LocalFileReadDisable LocalStorageLimit
OverrideGPUValidation ProductDisabled RTMFPP2PDisable

RTMFPTURNProxy

ThirdPartyStorage
This document describes mms.cfg options that let you do the following:
Control access to camera, microphone, and system font information (see Privacy options on page 63). Specify whether SWF files playing in a browser can be displayed in full-screen mode (see User interface option on page 64). Control access to the local file system (see Data loading and storage options on page 64). Specify settings for Flash Player auto-update (see Update options on page 67). Specify adjustments to Flash Player's default security model (see Security options on page 69). Specify whether low-level socket connections are allowed (see Socket connection options on page 72). Override settings related to GPU compositing (see GPU Compositing on page 72). Specify settings related to Peer-to-Peer connections using the RTMFP protocol (see RTMFP options on page 73).

Update options

Settings in this category let you configure the auto-update mechanism used by Flash Player. You can increase or decrease the frequency of checks for newer versions, or disable autoupdate entirely. Flash Player supports notification of software updates by periodically checking for new versions of the player on the adobe.com site. Flash Player never runs in the background to perform the auto-update check. This anonymous check is only performed when the player is loaded to view Flash content, typically in the browser, and by default only occurs if it has been at least 30 days since the last time it checked for updates. The auto-update notification settings can be configured by users or by options in the mms.cfg file. Users can set the frequency of the checks or disable auto-update notification by using the Global Notifications Settings Panel in the Flash Player Settings Manager. If you want to enforce standardized update settings for all users, you can use the mms.cfg options discussed in this section.

AutoUpdateDisable

AutoUpdateDisable = [ 0, 1 ]
If this value is set to 0 (the default), Flash Player lets the user enable or disable auto-update in the Settings Manager. If this value is set to 1, Flash Player disables auto-update, which prevents Flash Player from automatically checking for and installing updated versions. You cant use this option to prevent the user from disabling auto-update.

NOT E 68

If this value is set to 1, or if the user disables auto-update, the remaining options in this section are ignored.

AutoUpdateInterval

AutoUpdateInterval = [ number of days ]
If this is a negative value (the default), Flash Player uses the auto-update interval value specified in the Settings Manager. (If users don't make any changes with the Settings Manager, the default is every 30 days.) If this value is set to 0, Flash Player checks for an update every time it starts. If this is a positive value, the value specifies the minimum number of days between update checks.

DisableProductDownload

DisableProductDownload = [ 0, 1 ]

If this value is set to 0 (the default), Flash Player can install native code applications that are digitally signed and delivered by Adobe. Adobe uses this capability to deliver Flash Player updates through the developer-initiated Express Install process, and to deliver the Adobe Acrobat Connect screen-sharing functionality. If this value is set to 1, these capabilities are disabled. However, if you want to enable some but not all product downloads, set this value to 0 (or omit it) and then use the ProductDisabled option to specify which product downloads are not permitted.

ProductDisabled

ProductDisabled = application name
This option is effective only when DisableProductDownload has a value of 0 or is not present in the mms.cfg file; it creates a list of ProductManager applications that users are not permitted to install or launch. Unlike most other mms.cfg options, you can use this option as many times as is appropriate for your environment.

Security options

These options let you modify the default Flash Player security model. For more information on the security model, see Chapter 5, Security Considerations.

LegacyDomainMatching

LegacyDomainMatching = [ 0, 1 ]
This setting controls whether to allow a SWF file produced for Flash Player 6 and earlier to execute an operation that has been restricted in a newer version of Flash Player. Flash Player 6 made security sandbox distinctions based on superdomains. For example, SWF files from www.example.com and store.example.com were placed in the same sandbox. Flash Player 7 and later have made security sandbox distinctions based on exact domains, so, for example, a SWF file from www.example.com is placed in a different sandbox than a SWF file from store.example.com. The exact-domain behavior is more secure, but occasionally users may encounter a set of cooperating SWF files that were created when the older superdomain rules were in effect, and require the superdomain rules to work correctly. When this occurs, by default, Flash Player shows a dialog box asking users whether to allow or deny access between the two domains. Users may configure a permanent answer to this question by selecting Never Ask Again in the dialog, or by visiting the Settings Manager. The LegacyDomainMatching setting lets you override users' decisions about this situation. This setting does not have a default value. If it is not included in the mms.cfg file, the user can determine whether to allow the operation in a global manner (using the Settings Manager), or on a case-by-case basis (using an interactive dialog box). The values the user can choose among are Ask, Allow, and Deny. The default value is Ask. If this value is set to 1, Flash Player behaves as though the user answers allow whenever they make this decision. If it is set to 0, Flash Player behaves as though the user answers deny whenever they make this decision.

By default, local security is disabled whenever the ActiveX control is running in a non-browser host application. In rare cases when this causes a problem, you can use this setting to enforce local security rules for the specified application. You can enforce local security for multiple applications by entering a separate EnforceLocalSecurityInActiveXHostApp entry for each application. The filename string must specify the executable filename only, not the full path to the executable; if you specify a full path, the setting is ignored. You can optionally include the EXE (Windows) or APP (Macintosh) file extension. On the Macintosh, you can specify either the name of the actual executable or the name of an application bundle within which the executable is located. The text encoding of mms.cfg is significant when specified filenames include non-ASCII characters; see Character encoding on page 61.
DisableNetworkAndFilesystemInHostApp
DisableNetworkAndFilesystemInHostApp = "executable filename
This option is similar to EnforceLocalSecurityInActiveXHostApp, but applies to plug-ins as well as the ActiveX control, and imposes stricter security controls. When a plug-in or ActiveX control is running within an application specified, it will be as though the HTML parameter allowNetworking="none" had been specified. That is, no networking or file system access of any kind will be permitted, and the SWF running in the Flash Player will run without the ability to load any additional media or communicate with any servers. You can enforce local security for multiple applications by entering a separate DisableNetworkAndFilesystemInHostApp entry for each application. The filename string must specify the executable filename only, not the full path to the executable; if you specify a full path, the setting is ignored. You can optionally include the EXE (Windows) or APP (Macintosh) extension. On the Macintosh, you can specify either the name of the actual executable or the name of an application bundle within which the executable is located. The text encoding of mms.cfg is significant when specified filenames include non-ASCII characters; see Character encoding on page 61.
Socket connection options
These settings determine whether socket connections using the ActionScript Socket and XMLSocket classes are permitted. Socket connections also require the presence of a socket policy file on the target server; for more information, see Data loading through different domains on page 90.

DisableSockets = [ 0, 1 ]
This option enables or disables the use of the Socket.connect() and XMLSocket.connect() methods. If you dont include this option in the mms.cfg file, or if its value is set to 0, socket connections are permitted to any server. If this value is set to 1, no socket connections are allowed. However, if you want to disable some but not all socket connections, set this value to 1 and then use EnableSocketsTo to specify one or more servers to which socket connections can be made.
EnableSocketsTo = [ host name, IP address ]
This option is effective only when DisableSockets has a value of 1; it creates a whitelist of servers to which socket connections are allowed. Unlike most other mms.cfg options, you can use this option as many times as is appropriate for your environment. Note that the servers specified are target servers, to which socket connections are made; they are not origin servers, from which the connecting SWF files are served. The values specified here must exactly match the values specified in the ActionScript connect() methods. If you specify an IP address here, but the connect() method specifies a host name, the method fails even if that host name resolves to the specified IP address. Similarly, if you specify a host name here but the connect() method specifies an IP address, the method fails. Using this option does not take the place of a socket policy file on the target server. That is, this option has no effect if the specified server does not have a socket policy file.

GPU Compositing

Flash Player rendering can use the graphics processor unit (GPU) on the video card to accelerate image compositing. In certain circumstances, Flash Player disables GPU compositing. The option in this section lets you override this action and enable GPU compositing.

OverrideGPUValidation

OverrideGPUValidation = [ 0, 1 ]
The GPU compositing feature is gated by the driver version for video cards. If a card and driver combination does not match the requirements needed to implement compositing, set OverrideGPUValidation to 1 to override validation of the driver requirements. For example, you might want GPU compositing enabled during a specific test suite, even if the video driver in the test machine doesnt meet compositing requirements. This setting overrides driver version gating but still checks for VRAM requirements. Adobe recommends that you use this setting with care. Overriding GPU validation can result in rendering problems or system crashes due to driver issues. After completing the tests or programming tasks that require the use of this setting, consider setting it back to 0 (or removing it from the mms.cfg file) for normal operations.

To create a configuration file to trust a file or directory:
Create a new file in the Global FlashPlayerTrust directory using a text editor, and save it with a unique name. Choose a name for your trust configuration file that is unlikely to collide with the names of any other trust configuration files that might be installed. One good way to do this is to name the file after the particular product you are trusting. For example, if you are trusting an employee vacation application, you might call the trust configuration file EmployeeVacation.cfg.
Type or paste each directory path (any directory path on the users hard disk) or file name on a new line in the file. You can paste multiple directory paths on separate lines. When you finish, your file might look similar to the following:
# Trust all files in the Employee online calendar app C:\Program Files\Personnel\Employees\OnlineCalendar # Trust the file that checks remaining vacation days for an employee C:\Program Files\Personnel\Employees\VacationDaysRemaining.swf
In this example, the SWF file is not in the same directory as the online calendar app, so it must be trusted separately.
Save your changes. To test whether the files have been trusted correctly, you can do one of the following:
Run the SWF file named in the configuration file. Create a SWF file in the trusted directory that displays the value returned by the ActionScript API System.security.sandboxType (ActionScript 1.0 or 2.0) or Security.sandboxType (ActionScript 3.0). Run the SWF file in a browser, not through the use of the Test Movie command in Flash. (When SWF files run via Test Movie, local security is not implemented.) The value should be "localTrusted".

CHAPTER 4

User-Configured Settings
This chapter provides information on options end users can set for managing privacy and security settings when running Adobe Flash Player on their computers. This chapter includes the following sections:
Accessing user settings. 77 Privacy options. 78 Local storage options. 79 Update options. 80 Security options. 80 The User FlashPlayerTrust directory. 82

Accessing user settings

Flash Player lets users make a number of decisions regarding privacy, local storage, and so on. These settings are available to the user in three primary ways:
Pop-up dialogs that appear when Flash Player tries to perform an activity that requires user consent, such as accessing a camera or saving data to disk A tabbed set of dialogs that the user can display by right-clicking (command-clicking on the Macintosh) and choosing Settings from the context menu The Flash Player Settings Manager, a set of web pages that lets users specify preferences for all available settings.

Although the Settings Manager appears within the adobe.com website, it manages only local settings on users' computers, and does not transmit any information back to adobe.com. The Settings Manager is essentially a local control panel that is delivered via the adobe.com website. Flash Player takes great care to ensure that only the official Adobe Settings Manager application is capable of reading or altering users' settings.
In many cases, you can use the mms.cfg file to override user-specified settings, and implement more stringent or more accessible settings. For more information, see Chapter 3, Administrator Settings.
If you use the mms.cfg file to override user settings, the mms.cfg settings are not displayed to the end user. That is, users may think they are specifying a setting when, in fact, their choices are not being honored. If you think this might be confusing for your users, you might want to let them know that certain settings are unavailable to them.
Much of the information in this chapter is excerpted from the online help pages for Flash Player settings. The help pages are geared towards end users, and provide additional explanatory information that might help you or your users more fully understand certain options that are available. The home page for Flash Player help is www.adobe.com/go/ player_help_en.

NOT E 78

In the following sections, screen shots are provided to illustrate the pop-up dialog boxes and the tabbed Settings Panels. For Settings Manager pages, links are provided instead of screen shots, so you can navigate to that page and see the actual Settings Manager online.
Privacy options let the user specify whether an application can have access to the camera or microphone. Users specify these options in one of several ways, summarized below. You can use the AVHardwareDisable option in the mms.cfg file to override user privacy settings. The first time a site tries to access the camera or microphone, a pop-up dialog appears. This dialog lets the user specify a one-time preference to allow or deny access.
The Privacy tab lets the user allow or deny access to the camera and microphone for all applications from the current website without asking for permission each time.
The Website Privacy Settings Panel at www.adobe.com/go/website_privacy_settings lets the user specify settings for any of the web sites that have already requested permission to use the camera or microphone. The Global Privacy Settings Panel at www.adobe.com/go/global_privacy_settings lets the user reset privacy options for all web sites.

Local storage options

Local storage options let the user specify whether an application can place a shared object on their computer, and the maximum size that object can attain. Applications use shared objects to store data such as user names, game scores, shopping preferences, and so on. (For more information on local shared objects, see the article entitled What are local shared objects? at www.adobe.com/products/flashplayer/articles/lso. Users specify these options in one of several ways, summarized below. You can use a number of options in the mms.cfg file to override user local storage settings; see Data loading and storage options on page 64.

For more information on these options, see Security options on page 69 in Chapter 3, Administrator Settings.
The User FlashPlayerTrust directory
Application installers or end users can specify that certain files or directories of files that are stored on the users computer should be trusted, and be placed in the users local-trusted sandbox. (For a discussion of sandboxes, see Security sandboxes for local content on page 87.) Information on these trusted files is stored in a directory called the User FlashPlayerTrust directory. This directory registers files or directories as trusted only for the current user. (For information on registering files as trusted for all users, see The Global FlashPlayerTrust directory on page 74.) You can specify whether users can permit applications to be trusted; see Security options on page 69.
Information about trusted files can be placed in this directory in two ways:
An administrator or end-user can create a config file and store it in the User FlashPlayerTrust directory. A user without administrative rights can install an application that registers itself as locally trusted.
The User FlashPlayerTrust directory is located in the following location:
C:\Users\username\AppData\Roaming\Macromedia\Flash Player\#Security\FlashPlayerTrust
C:\Documents and Settings\username\Application Data\Macromedia\Flash Player\#Security\FlashPlayerTrust /Users/username/Library/Preferences/Macromedia/Flash Player/ #Security\FlashPlayerTrust GNU-Linux ~/.macromedia/#Security/FlashPlayerTrust
For information on how to create and format these configuration files, see The Global FlashPlayerTrust directory on page 74.

CHAPTER 5

Security Considerations
Clearly, it is critical to maintain the security and integrity of your users computers when you install Adobe Flash Player. This chapter provides an overview of security, focusing on those aspects of particular interest to administrators deploying Flash Player. Adobe has developed a number of web pages, white papers, chapters in other books, and tech notes that address these security issues, as well as others, in more detail. For a list of these resources, see Additional security resources on page 91. This chapter includes the following sections:
Security overview. 85 Security sandboxes for local content. 87 About compatibility with previous Flash Player security models. 89 Data loading through different domains. 90 Additional security resources. 91

Security overview

As a computer system administrator, one of your primary responsibilities is to ensure the security and integrity of the data on the systems you manage. Adobe addresses Flash Player security in a number of ways, ranging from settings users can control individually to files that must be placed on servers to allow advanced applications to pass information between different domains.
Because of security issues that arise with relation to Internet access, Adobe (and formerly Macromedia) has implemented more stringent security measures with each release of Flash Player. Through improvements in the security model, Flash Player 10 by default provides much stricter limitations on potentially malicious activities than earlier versions of Flash Player. (In fact, some of these improvements can require you, application authors, or end users to specifically permit actions that were permitted by default in earlier players; see About compatibility with previous Flash Player security models on page 89.) Additionally, you can control a number of security-related settings through the use of a config file that you deploy on a users system when you deploy the player. Depending on how security settings are permitted or prohibited by the application author, the end user, or you (the administrator), Flash Player may or may not be able to download files to the local disk, upload files from the disk, write shared objects to disk (sometimes referred to as Flash cookies), access and run other SWF files on the local disk, or communicate between the local disk and the Internet. In addition, there are certain activities that Flash Player can never perform, such as reading the path of a local file. For example, even if an application (SWF file) tries to upload or download a file, the application cant set the default file location for the file; the default location shown in the dialog box is the most recently browsed folder, if that location can be determined, or the desktop. Also, the application cant read from or write to the transferred file. In fact, the SWF file that initiated the upload or download cant access the uploaded or downloaded file or even the file's location on the user's disk. Another example is that a SWF file can never determine the contents of a local directory. With regard to ensuring security of users computers, the areas of primary interest to administrators are the following:
How Flash uses security sandboxes to determine whether and how a SWF file on the local disk can communicate with SWF files on the network (see Security sandboxes for local content on page 87) How users can interactively allow or prohibit certain potentially malicious activities (see Chapter 4, User-Configured Settings, on page 77) How you can deploy a configuration file to override choices users might make with regards to security and privacy issues (see Chapter 3, Administrator Settings, on page 59)