We are currently working on making some changes in DIF. Soon we'll have candy for you all! Check back for news!

“SecurityError: Error #3015: Loader.loadBytes() is not permitted to load content with executable code.”

Posted: May 14th, 2008 | Author: Ivan Valadares | Filed under: Actionscript3, Adobe AIR, Code |

In the last month I thought Adobe had protect the loadBytes method from the loader so that only “regular” files like mp3, jpg, etc could be loaded, lots of good library’s like Benjamin Dobler wav reader stop working. What I think it is that in last version of flash player Adobe turn allowLoadBytesCodeExecution to false. If you see Adobe documentation they have written “Note: This API is likely to be replaced in a future release of AIR.” If anyone knows what really happen let me know. Now the good part, to solve that is simple, you only need to set allowLoadBytesCodeExecution to true.


5 Comments on ““SecurityError: Error #3015: Loader.loadBytes() is not permitted to load content with executable code.””

  1. 1 derRaab said at 3:45 pm on June 17th, 2008:

    Thank’s for this information! I used and mentioned it here: http://blog.derraab.com/2008/06/17/select-and-access-local-swf-files-within-an-air-application/

    Kind regards

  2. 2 boo said at 7:15 am on June 27th, 2008:

    this?

    http://blog.washingtonpost.com/securityfix/2008/05/exploit_inthewild_patch_your_f.html

  3. 3 Zeh Fernando » Blog Archive » Why I love the ActionScript development community said at 5:19 pm on November 25th, 2008:

    [...] turns out a quick search on Google gives me this page where someone else tell what’s it all about and how to solve it. Bam, I patch my version of [...]

  4. 4 Ethan said at 8:05 am on December 1st, 2008:

    allowLoadBytesCodeExecution was added to prevent developers from accidentally making an extremely dangerous mistake. Code loaded via loadBytes() runs in the loader’s security domain, with all associated privileges.

    This means that any attacker that can get their content into your ByteArray (by putting something on their server, or hacking *your* server, etc), can get their code to run on your users’ machines.

    Please DO NOT blindly enable allowLoadBytesCodeExecution. Instead, you must be 100% confident that the bytes you’re loading belong to you. They will be running with all the privilege that the user gave you when they installed your application.

    See my blog or the best practices section in the AIR security docs: http://help.adobe.com/en_US/AIR/1.5/devappsflex/WS5b3ccc516d4fbf351e63e3d118666ade46-7e59.html

  5. 5 Jay said at 11:22 am on April 22nd, 2009:

    Hi,

    Google helped me find this site. Turns out it helped solve another problem, although it makes it even more important now to download and use only certified AIR files.

    http://www.veryinteractivepeople.com/?p=67&cpage=1#comment-38

    :)


Leave a Reply