« Comment barriers | Main | PDF packaging, security »

June 27, 2007

AIR, security

AIR, security: I missed this in MXNA yesterday and don't see many links yet, so a little bump might be useful. Paul Robertson, a technical writer on the Adobe Integrated Runtime team, discusses the different ways to locally store sensitive data. The browsers' cookies and Google Gears are invocable by the entire web, and so a per-domain policy setting is applied. AIR installations are only performed from trusted sites, and local SQLite storage thus shares data among these trusted applications. This enables easy migration, as well as multi-app coordination reminiscent of the Blast! data-sharing features in the early Macromedia Central project. To deter other local applications from reading your data you could segment the data out by user & app, but you're really looking at encryption to make your local data too expensive for other local applications to effectively read. This is a subtle difference between in-the-browser apps and beyond-the-browser apps: browser pages are usually created by strangers, and so data must be separated across domains; AIR applications are only downloaded from trusted sources, and so the norm is data-sharing, with encryption as a separate option. [via Tim Anderson]

Posted by JohnDowdell at June 27, 2007 01:08 PM

Trackback Pings

TrackBack URL for this entry:
http://weblogs.macromedia.com/mtadmin/mt-tb.cgi/8847

Comments

I have yet seen any signed apps.

Posted by: Chris Charlton at June 27, 2007 05:13 PM

Forgive me for not reading the docs fully or your post above... but are you saying local SQLite data is shared among all AIR apps? I suppose that sorta makes sense in that you're giving any AIR app access to your disk (right)? But how will your app know where my app is writing data? Or are you saying there's one central location for the SQLite data?

Also, what do you mean by the term "trusted app"? Do you mean just any EXE you install and run on your desktop (like any fully featured AIR app)? Or is there some other setting somewhere in the install or OS that lets you designate some apps as trusted and others not? Is it just a generic term that you're using?

Yeah, I haven't seen any signed apps either.

Posted by: Phillip Kerman at July 2, 2007 10:49 PM

Post a comment




Remember Me?



(you may use HTML tags for style)