“Adobe AIR data privacy and security” - slides, notes, links

Posted June 9, 2009 10:03 am
Filed under: AIR, Application Design, Flex, local SQL database, Presentations, Privacy/security, SQL

On May 20, 2009 at the 360|Flex conference in Indianapolis I gave a presentation titled “Adobe AIR data privacy and security.” As I always do (and after a bit of a delay), here are the slides from my presentation. I’ve added fairly lengthy notes to the slides (I had to make the font smaller so they’d fit on the pages) so it’s more than just bullet points.

Adobe AIR data privacy and security slides, notes, and links (1 MB .zip)

As a side note for those who actually attended the presentation, in retrospect I think I over-emphasized the security concerns and didn’t emphasize enough that there are plenty of use cases for which AIR is definitely secure — especially in the case where you need to keep the user’s private data secure. Hopefully the notes that accompany the slides help to clarify this somewhat.

I also used and referred to a number of resources in my presentation, which are listed below. The download .zip with the slides also includes an html page with all these links.

Introduction

Background

AIR application installation

Modular applications

Local shared objects

[No links]

Encrypted Local Store

Local files

[No links]

Local SQL database (SQLite)

You can leave a comment, or trackback from your own site.

  • http://www.churchillsecurityguards.co.uk Churchill Security

    Hi, thankyou for your awesome share. Sorry I couldn’t make your presentation at Flex, however I am interested to know your thoughts on the security vulnerabilit on SQL injection, I have already spent months writing internally our code, only to find that I need to re-write it due to running the risk of my sql statements being wrote incorrectly. (slide 52) ? Or am I just completely confused?

  • mark bramblett

    hi,

    thanks for this great comp sci tech info dump. I just loaded adobe acrobat reader v9, adobe photoshop elements v8 and acrobat professional v9.

    they have loaded support adobe air runtime support.

    __________

    have a very simple question. I have remote connection turned off on my personal system for good reason.

    I don’t know if I want the security hole having thin or thick client network apps lounging and grazing (like cows :O) on my system.

    I use adaware and adwatch in real time to catch most things and obviously like many people I run NIS 2010 for the basics.

    __________

    I saw that this runtime and application model is using digital cert’s. is the certification authority and digital certs being registered to application vendors the same CA and digital certificates being registered to companies and their servers?

    the point is microsoft gives new digital cert updates that load on our operating systems as a routine basis. are the new adobe AIR certs going to come from the same pool?

    this seems like an awfull important point. I don’t know if I want adobe air runtime activated on my machine and I will go ahead and ask the norton and adaware people if they will filter in realtime for these types of potential hacks.

    but my real question since you have obviously done a wonderful bit of research on the topic - is who is the certificate authority for these new kind of certs, how are they propagated to normal people like me (i.e. is adobe going to be the Cert Authority and manage these just like microsoft or any trusted network provider or is this all up in the air).

    thank you… your comments will really help me decide how much adobe Air support I want to activate on my machine.

    best regards,

    mark bramblett

  • Varun Sood

    Really helpful and informative….. excellent effort mate!

    Thanks for sharing

Articles by Type

Articles by Topic

Random Reading

Currently...

Adobe MAX 2011 Speaker H. Paul Robertson: Adobe Community Professional

Subscribe