Cliff Saran’s Enterprise blog

Feb 26 2008   11:03PM GMT

Could Air lack security substance?

Cliff Saran

Tags: Adobe, air, Security

I like the idea of Rich Internet Applications (RIAs). As such, I think Adobe Air could be truly great as a way of bringing together the idea of web-based server computing with the rich UI of the PC graphical user interface.

I am concerned, however.

RIAs allow access to the client device in a way that would be near impossible with browser-based computing.

So when Adobe told me about Air and its rich Internet runtime environment, I could see the potential. I could also see a big problem…

RIAs can write to the hard disc and networks of a client device. This means they could be used to corrupt a PC if someone wrote a rogue RIA.

Adobe’s answer is signed applications. An application needs a certificate before it’ll run. This is great but could restrict the adoption of Air as an Internet format. So Adobe allows developers to self-sign; in other words, anyone is able to produce an application and make sure it gets a valid certificate. The end user is warned to check the certificate and is then allowed to download and run the Air application.

Now we are all aware of how stupid some end users can be. So doesn’t Adobe’s approach seem a tad irresponsible? Haven’t we learned anything about the level of deceit that is possible today from even a basic phishing attack? End users don’t think logically; they will download anything they find remotely interesting.
