About AIR Security
The AIR environment gives applications access to operating system resources in much the same way as ordinary desktop programs. An AIR application is less restricted than SWF or HTML content running in a browser, so security issues can arise. It is therefore very important to understand the AIR security model correctly.
Installation Wizard Security Warning
During installation of an AIR application, the user sees a security prompt showing information provided by the application's developer and the kinds of operating system access the application will be allowed. This gives the user a general idea of what is being installed.
Security sandbox
In the AIR beta, an AIR application accesses the local file system from within a specific security sandbox. In future AIR versions, application resources will be assigned to different security sandboxes depending on how the AIR application is installed.
For SWF content, the sandbox type is exposed through the read-only Security.sandboxType property. For SWF files included in the AIR application, its value is the constant Security.APPLICATION.
All other resources, those not installed with the AIR application, are assigned to sandboxes by origin: remote resources are placed in a sandbox according to their source domain, and local resources are placed in the local-with-networking, local-with-filesystem, or local-trusted sandbox.
Resource access privileges in the AIR application security sandbox
SWF files in the AIR application security sandbox can access SWF files from other domains through scripting. By default, however, external SWF files are restricted from accessing SWF files in the AIR application security sandbox.
SWF files and HTML content in the AIR application sandbox can read content and data from any domain.
SWF files installed with the AIR application do not need to look for cross-domain policy files. To grant additional permission, call the Security.allowDomain() method.
AIR gives SWF files and HTML content in the AIR application security sandbox enhanced privileges, including reading and writing local resources and files.
Robust application development best practices
When writing an AIR application, keep in mind that although you are using web technologies, the application is not confined by the browser security sandbox. An AIR application can therefore damage the local system, intentionally or unintentionally. AIR tries to minimize this risk, but such vulnerabilities can still occur.
The biggest risk arises when reading external data or content. Always be aware of whether the data you are using comes from the network or from the local system. The following cases all carry potential risk:
When external content is introduced
This creates a risk of script injection:
1. If the content loaded into a TextField object contains a link, following the link may produce unpredictable results.
2. If the application loads an untrusted SWF, that SWF may run with privileges it should not have.
3. If the application reads JSON content from an external source, that content may gain access to runtime privileges.
Data that affects program behavior
This can lead to security weaknesses. For example, if an application uses data from the network to determine a file name or to write a configuration file, it must check that the data is safe and that it comes from a trusted source.
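One way to handle the JSON and file-name cases described above, as an added example that is not from the original page or from Adobe: the external text is parsed strictly as data, and only validated fields are copied out. The field names fileName and refreshMinutes and the sample inputs are hypothetical.

```javascript
// Added example: treat a JSON document fetched from the network as data only.
// The field names ("fileName", "refreshMinutes") are hypothetical.

var RESERVED = /^(con|prn|aux|nul|com[1-9]|lpt[1-9])(\.|$)/i; // Windows device names
var SAFE_NAME = /^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$/;           // allow-list, no separators

// Returns the name unchanged if it is a plain file name, otherwise null.
function safeFileName(name) {
  if (typeof name !== "string") return null;
  if (!SAFE_NAME.test(name)) return null;      // rejects "/", "\", ":", spaces, control chars
  if (name.indexOf("..") !== -1) return null;  // no parent-directory sequences
  if (/\.$/.test(name)) return null;           // a trailing dot is stripped by Windows
  if (RESERVED.test(name)) return null;
  return name;
}

// Parses untrusted text and returns a fresh settings object built only from
// validated fields, or null if anything is malformed.
function loadRemoteSettings(text) {
  var raw;
  try {
    raw = JSON.parse(text);                    // never eval(): the content stays data
  } catch (e) {
    return null;
  }
  if (raw === null || typeof raw !== "object" || Array.isArray(raw)) return null;

  var fileName = safeFileName(raw.fileName);
  var minutes = raw.refreshMinutes;
  if (fileName === null) return null;
  if (typeof minutes !== "number" || minutes % 1 !== 0 || minutes < 1 || minutes > 1440) {
    return null;
  }
  // Copy the known fields; unknown keys in the input are dropped.
  return { fileName: fileName, refreshMinutes: minutes };
}

// Constructed sample inputs.
var good = '{"fileName":"feed-cache.xml","refreshMinutes":30,"extra":"ignored"}';
var traversal = '{"fileName":"../../startup.cmd","refreshMinutes":30}';
var notJson = 'alert(1)';
console.log(loadRemoteSettings(good));       // validated copy of the two known fields
console.log(loadRemoteSettings(traversal));  // null
console.log(loadRemoteSettings(notJson));    // null
```

The validated name is meant to be resolved against a directory the application controls; the check itself does not decide where the file is written.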
If you encounter security weaknesses of this kind, for example in configuration and options, please tell Adobe. Adobe is currently working on these security issues for the official AIR 1.0 release.
Security constraints on HTML content
HTML content is placed in the same security sandbox model as other AIR content, but there are some special cases. HTML content in an HTMLControl object can access the security-restricted runtime classes (for example through the JavaScript object window.runtime) only if the content is in the application security sandbox. For HTML-based applications, the top-level frame, which is loaded from the application resource directory, can always access the runtime classes. Content loaded from outside the application resources is given the permissions of its domain of origin; whether it sits in a sub-frame (frame or iframe) or is reached through page navigation, it cannot access the runtime classes restricted by AIR security. By default, non-application content cannot cross-script application content; for example, the JavaScript window properties nativeWindow and htmlControl do not work outside the application sandbox. To allow scripting access securely, you can use the flash.system.Door API to create a strict communication gateway that provides a limited interface between application content and non-application content.