One of the most interesting to me was Ethan Malasky’s on developing secure AIR applications. We were given a good breakdown of AIR’s security model alongside practical explanations of why the decisions had been made. Ethan had a special “unsecured” version of AIR running on stage and proceeded to demonstrate how a code injection could be used to delete files on a users hard disk. Thankfully this version is not in production!
AIR security had been a stumbling block for me from day one when I tried to implement a js framework that uses the
eval() method. Adobe has disabled this and some other potentially harmful methods in AIR’s default application context. At first I was pretty annoyed about this but after listening to their reasoning and being presented with the official Adobe work around I’ve come to understand why it’s a good idea. After a bit more investigation I hope to make a later post on using methods such as
eval() in an AIR application, but for those of you that can’t wait it relies on using different application sandboxes and using a sandbox bridge.
All in it was a great day out and really opened my eyes to some of the potential in AIR, I’m hoping to do a lot more with this stuff in the coming months so keep an eye out.