My Flex application works fine when run from Flex Builder, but when deployed to server, I get security related errors. Why?
Problem
Flex application runs perfectly when launched from Flex Builder. But when it is deployed to a server, several things do not work due to security related errors.
Solution
Always keep in mind that your application file (SWF) is put in a trusted application list by Flex Builder. When you deploy it to a server, it does not fall into the trusted category and hence encounter security related errors usually related to cross domain resource access or scripting.
Detailed explanation
A sandbox is a logical grouping of rules. Every Flex / flash application is put into a sandbox. There are two main kinds of sandboxes: Network and Local.
The Network sandbox is further subdivided according to the point of origin of the SWF file. That is, there is a sandbox each for each domain from which the SWF is loaded. SWF loaded from a.com and b.com are put into two different sandboxes.
Read across sandboxes is strictly controlled and requires the use of a policy file (crossdomain.xml). This rule is relaxed when the SWF file is run locally and is trusted. Flex Builder 3 by default puts the SWF files that it generates into the trusted list. So, cross domain related security errors only popup when the application is deployed to a local or a remote server.
For more information regarding security and cross domain, read the flash player 10 security white paper.
Note: You will encounter this only if you have not set a output URL which points to a local or remote server in your Flex Builder project setting. If you set an output URL, then it does not put the SWF file in the local-trusted sandbox.
