Adobe AIR Security
Adobe recently launched AIR, previously known as Apollo, a cross-platform framework for deploying Flash-style applications to the desktop and web. The new applications are called RIAs (Rich Internet Applications). Every time there is a new web offering, it is subject to security evaluation by many curious minds, and AIR will be no exception. Adobe engineers have released a few resources on the security model of AIR; check them out at “AIR Security”.
AIR defines logical containers called “application sandboxes” to limit what the AIR application can access, similar to cross-domain and cross-frame restrictions. Adobe, for its part, has documentation out to educate developers on the dos and don'ts of good security, “Best Security Practices”; let's hope the RIA developers heed it. It's always a classic in the security world to see functionality and first-to-market pressure driving development cycles, with security as an afterthought.
AIR is out, let the analysis begin! For starters, play with SandboxBridges.
Setting up a parent-child sandbox relationship
AIR adds the sandboxRoot and documentRoot attributes to the HTML frame and iframe elements. These attributes let you treat application content as if it came from another domain:
Attribute: Description
sandboxRoot: The URL to use for determining the sandbox and domain in which to place the frame content. The file:, http:, or https: URL schemes must be used.
documentRoot: The URL from which to load the frame content. The file:, app:, or app-storage: URL schemes must be used.
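The scheme rules in the table above can be checked mechanically when reviewing an AIR application's HTML. The following Node.js audit script is an added example, not code from Adobe or from the original post; the function names (frameTags, schemeOf, auditFrames) and the sample markup are constructed for illustration.

```javascript
// Added example: allowed URL schemes per attribute, as listed in the table above.
const ALLOWED = {
  sandboxroot: ['file:', 'http:', 'https:'],
  documentroot: ['file:', 'app:', 'app-storage:'],
};

// Collect the attributes of every <frame>/<iframe> start tag. A regex scan is
// enough for an audit pass over well-formed markup; it is not a full HTML parser.
function frameTags(html) {
  const tags = [];
  const attrRe = /([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;
  for (const m of html.matchAll(/<(iframe|frame)\b([^>]*)>/gi)) {
    const attrs = {};
    for (const a of m[2].matchAll(attrRe)) {
      attrs[a[1].toLowerCase()] = a[2] ?? a[3] ?? a[4];
    }
    tags.push({ tag: m[1].toLowerCase(), attrs });
  }
  return tags;
}

// Return the lower-cased scheme ("app-storage:"), or null for a relative URL.
function schemeOf(url) {
  const m = /^([a-z][a-z0-9+.-]*:)/i.exec(url.trim());
  return m ? m[1].toLowerCase() : null;
}

// Report each sandboxRoot/documentRoot value whose scheme is not permitted.
function auditFrames(html) {
  const findings = [];
  frameTags(html).forEach(({ tag, attrs }, index) => {
    for (const [attribute, allowed] of Object.entries(ALLOWED)) {
      if (!(attribute in attrs)) continue;
      const scheme = schemeOf(attrs[attribute]);
      if (!allowed.includes(scheme)) {
        findings.push({ index, tag, attribute, value: attrs[attribute], scheme });
      }
    }
  });
  return findings;
}

// Constructed sample markup: frame 0 is valid, frames 1 and 2 break the rules.
const SAMPLE = `
<iframe src="http://www.example.com/ui.html" sandboxRoot="http://www.example.com/" documentRoot="app:/sandbox/"></iframe>
<iframe src="ui.html" sandboxRoot="app:/" documentRoot="app:/sandbox/"></iframe>
<frame sandboxRoot="https://www.example.com/" documentRoot="http://www.example.com/content/">
<iframe src="about.html"></iframe>`;
console.log(auditFrames(SAMPLE));
```

Frames without either attribute are skipped, since the table's rules apply only when sandboxRoot or documentRoot is set.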