MAX Session: Maintain Security With Adobe AIR

It was my pleasure this week to co-present a session with Peleus from the Product Security Team. We discussed things developers should know and do to maintain security in their AIR applications.

Users grant AIR applications a lot of privilege, so developers naturally want to use that power wisely and write applications that are difficult for attackers to abuse. The talk was similar to the talk I gave on the onAIR Europe tour, but longer and more technical.

The slides are available in PDF and are viewable below thanks to the magic of Share.


  • Posted on November 22, 2008 at 5:21 PM in MAX

Comments

November 24

Kamela writes:

Thx, that's pretty useful!

June 20

Andrea writes:

Hi Ethan,

Thanks a lot for your complete and well-written presentation on security in Adobe AIR.

I am facing a problem though, while I am creating an AIR application accessing Flickr and Amazon S3 APIs.

How can I store my secret keys to access those services?

1. If I include the key in the source code, it can be decompiled
2. If I encrypt the keys and package them with the .air app, I should use some robust algorithm like AES-256, but then again I would have the problem of including in the source code also the AES key to decrypt the API keys
3. If I store the API keys on a remote web server that I control, I would not know how to ensure that only my AIR app can download them.

How would you approach this particular problem?

Thanks,
Andrea
