Couple of comments of the security:

>The first is data protection.

As you noted, this could be handled by data / communication encryption. However, if a malicious app is already running on your desktop, it could probably still get the data by reading memory (which is a potential issue with just about any native app).

>The second security risk is that another process might hijack the proxy process.

Well, in the current proxy proof of concept, the proxy requires an auth id token that is generated at runtime, and passed to the air app that will communicate with it. Off the top of my head, I don’t see how an AIR app could get this key.

A native app (such as a .net) app might be able to get it by:

1. sniffing the communication (solved by encrypting it)

2. or reading the proxy’s / air apps memory.

However, in the case of #2, why go through all of that trouble, as the native app doing the sniffing, could just go ahead and do whatever bad thing it wanted (without hijacking the proxy).

So, while the proof of concept code I posted is definitely not meant for production projects, I still haven’t seen any fundamental security reasons why this architecture would be problematic (although there are definite development and deployment issues).

More on this in this post:
http://www.mikechambers.com/blog/2008/01/22/commandproxy-its-cool-but-is-it-a-good-idea/

mike chambers

mesh@adobe.com

Another way to put that is the brand who makes their product the most flexible will engender the most good will amongst developers.

Well written. You handled the overall conversation better than I did and I respect that.

-
Scott Barnes
RIA Evangelist
Microsoft.