Comments on: The Battle of AIR and Light (Silver) http://www.adamflater.net/2008/01/30/the-battle-of-air-and-light-silver/ Tech, UX, Design Wed, 04 Jan 2012 21:31:56 +0000 hourly 1 http://wordpress.org/?v=3.5.1 By: Adam Flater - Universal Mind http://www.adamflater.net/2008/01/30/the-battle-of-air-and-light-silver/#comment-65 Adam Flater - Universal Mind Wed, 30 Jan 2008 21:39:00 +0000 http://www.adamflater.net/?p=28#comment-65 Thanks for your additions Mike. That makes sense. I didn’t see your 2nd post until after I wrote mine… good stuff.

]]>
By: Anonymous http://www.adamflater.net/2008/01/30/the-battle-of-air-and-light-silver/#comment-64 Anonymous Wed, 30 Jan 2008 21:34:00 +0000 http://www.adamflater.net/?p=28#comment-64 Nice post.

Couple of comments of the security:

>The first is data protection.

As you noted, this could be handled by data / communication encryption. However, if a malicious app is already running on your desktop, it could probably still get the data by reading memory (which is a potential issue with just about any native app).

>The second security risk is that another process might hijack the proxy process.

Well, in the current proxy proof of concept, the proxy requires an auth id token that is generated at runtime, and passed to the air app that will communicate with it. Off the top of my head, I don’t see how an AIR app could get this key.

A native app (such as a .net) app might be able to get it by:

1. sniffing the communication (solved by encrypting it)

2. or reading the proxy’s / air apps memory.

However, in the case of #2, why go through all of that trouble, as the native app doing the sniffing, could just go ahead and do whatever bad thing it wanted (without hijacking the proxy).

So, while the proof of concept code I posted is definitely not meant for production projects, I still haven’t seen any fundamental security reasons why this architecture would be problematic (although there are definite development and deployment issues).

More on this in this post:
http://www.mikechambers.com/blog/2008/01/22/commandproxy-its-cool-but-is-it-a-good-idea/

mike chambers

mesh@adobe.com

]]>
By: RJ http://www.adamflater.net/2008/01/30/the-battle-of-air-and-light-silver/#comment-63 RJ Wed, 30 Jan 2008 20:39:00 +0000 http://www.adamflater.net/?p=28#comment-63 Great post. I appreciate the summary, and I agree with your comments on ubiquity: as a developer, I’m more concerned with getting the job done in the best way possible than being loyal to either brand.

Another way to put that is the brand who makes their product the most flexible will engender the most good will amongst developers.

]]>
By: Adam Flater - Universal Mind http://www.adamflater.net/2008/01/30/the-battle-of-air-and-light-silver/#comment-62 Adam Flater - Universal Mind Wed, 30 Jan 2008 04:53:00 +0000 http://www.adamflater.net/?p=28#comment-62 Thanks Scott. Although I spend most of my time in the Adobe community these days I appreciate the balance from someone like yourself. I hope I create something interesting enough for your commentary someday.

]]>
By: MossyBlog http://www.adamflater.net/2008/01/30/the-battle-of-air-and-light-silver/#comment-61 MossyBlog Wed, 30 Jan 2008 04:12:00 +0000 http://www.adamflater.net/?p=28#comment-61 Adam,

Well written. You handled the overall conversation better than I did and I respect that.

-
Scott Barnes
RIA Evangelist
Microsoft.

]]>