In the RIA world, Flex and AIR applications have really taken off. With that has come increased adoption by Fortune 500 companies and new enterprise-level apps taking advantage of the Adobe Flash platform. Application and data security should always be a concern of the Flex/AIR developer. The level of paranoia the developer should implement must be weighed against the goals of the project. For example, if you’re developing an open source or advertising-supported application intended for a wide public audience, you probably want to implement fairly minimal security measures in order to reach the widest audience and limit the amount of time you spend managing users in the system. On the other hand, if you’re being contracted to write a dashboard application for a large company or government for internal use, you’d probably want to implement security measures at the high-end of the spectrum.
In this series of three articles on the topic of Encryption in Flex Applications, we’ll first cover a basic data encryption and storage example in a Flex application. In article two, we’ll look at using an interface and doing some minimal encryption on a SWC file to protect an example commercial library we want to sell. In the final installment, we’ll take a look at using some of the features of NitroLM.com which is a commercial API for user registration, management, and entire application encryption.
In Adobe’s newly-released version of AIR 1.0, they provide an API for storing encrypted data to the hard drive. The flash.data.EncryptedLocalStore class uses the Windows DPAPI or KeyChain on MacOS to store and retrieve encrypted data as a ByteArray. Unfortunately, this capability isn’t available to us in a Flex application. In this example, I’ll demonstrate creating similar functionality by encrypting data stored in a local SharedObject.
The first thing we need is to download an encryption library to use in our Flex application. I’m using AS3Crypto (http://crypto.hurlant.com) created by Henri Torgemane. I recommend downloading the source code so you can debug easier and see how the encryption is working.
In this example (view-source enabled), the user can save a username and password between runs of the application to be used by a web service. It’s not totally secure since the randomly generated key is stored along with the encrypted data. I’ll leave it as an exercise for the reader to come up with clever ways to obfuscate the key or use alternative server-side repositories that are more secure.
FlexEncryptionExample1 example
Let’s walk through the code. We have two main methods, encryptedLoad() and encryptedSave(). encryptedSave() generates a random 16 byte key, and runs the AES-128 encryption algorithm on our username and password that we’ve packaged into a ByteArray.
private function encryptedSave():void
{
var so:SharedObject = SharedObject.getLocal("encryptedStore");
var key:ByteArray = new ByteArray();
var random:Random = new Random();
random.nextBytes(key, 16);
var cleartextBytes:ByteArray = new ByteArray();
cleartextBytes.writeUTF(username.text);
cleartextBytes.writeUTF(password.text);
var aes:ICipher = Crypto.getCipher("aes-ecb", key, Crypto.getPad("pkcs5"));
aes.encrypt(cleartextBytes);
var dataToStore:ByteArray = new ByteArray();
dataToStore.writeBytes(key);
dataToStore.writeBytes(cleartextBytes);
so.data.ws_creds = dataToStore;
so.flush();
username.text="";
password.text="";
}
encryptedLoad() reads in our key and uses it to decrypt the rest of the ByteArray. The values are then loaded into their respective form fields from the decrypted ByteArray.
private function encryptedLoad():void
{
var so:SharedObject = SharedObject.getLocal("encryptedStore");
var dataToLoad:ByteArray = so.data.ws_creds;
var key:ByteArray = new ByteArray();
dataToLoad.readBytes(key, 0, 16);
var encryptedBytes:ByteArray = new ByteArray();
dataToLoad.readBytes(encryptedBytes);
var aes:ICipher = Crypto.getCipher("aes-ecb", key, Crypto.getPad("pkcs5"));
aes.decrypt(encryptedBytes);
encryptedBytes.position = 0;
username.text = encryptedBytes.readUTF();
password.text = encryptedBytes.readUTF();
}
Hopefully with this example, you can start to see some of the possibilities for encrypting your data using Adobe Flex/AIR.
相关推荐
org.springframework.flex-1.0.3.RELEASE.jar.zip用于JAR包,org.springframework.flex-1.0.3.RELEASE.jar.zip用于JAR包org.springframework.flex-1.0.3.RELEASE.jar.zip用于JAR包org.springframework.flex-1.0.3....
spring-flex-1.5.0.M2-dist.zip spring-flex-1.5.0.M2 spring-flex-1.5.0.M2.jar SBI
离线安装包,亲测可用
安装wireshark时找到的资源,分享给需要的人。 已经忘记当时为什么安装wireshark需要安装flex了,可能系统信息不全,或者裁剪版的吧 总之,分享给有需求的人
跟我StepByStep学FLEX教程------王一松.pdf
flex-2.6.4.tar.gz
openwrt xz-5.2.1.tar.bz2+xz-5.2.1.tar.bz2
基于openEuler20.03TLS版本编译openGauss源码时需要的软件包: 1. openeuler-lsb-5.0-1.oe2203.src.rpm 2. git-lfs-linux-arm64-v3.3.0.tar.gz 3. flex-2.5.39.tar.bz2
flex-messaging-opt.jarflex-messaging-opt.jarflex-messaging-opt.jarflex-messaging-opt.jar
flex-messaging-proxy.jarflex-messaging-proxy.jarflex-messaging-proxy.jarflex-messaging-proxy.jar
spring-flex-1.5.0.RELEASE spring-flex-1.5.0.RELEASE spring-flex-1.5.0.RELEASE spring-flex-1.5.0.RELEASE
非常好DEMO参考,这个项目已经转到Apache名下了,最新的版本1.2,308个例子,已经全站打包,搜索:flex-tour-de-flex-component-explorer-1.2-308demo。开源代码http://flex.apache.org/download-tourdeflex.html
离线安装包,测试可用
MyEclipse+Flex+BlazwDS+tomcat环境配置-20110516-左超.docx
直接打开压缩包就是原文件...flex是用于生成扫描仪的工具:识别文本中的词汇模式的程序。 直接打开压缩包就是原文件 flex代码库保存在GitHub上的Git中。 可以在github版本页面上找到带有某些中间文件的flex的源版本。
flex-2.5.4a flex-2.5.4a-29.i386 flex-2.5.4a-29.i386.rpm
原是.tar.gz,为了可以上传成功,解压缩成.tar
1 1 跟我StepByStep学FLEX教程------概述(原创) 1 2 跟我StepByStep学FLEX教程------Flex3及Flex Builder安装(原创) 1 3 跟我StepByStep学FLEX教程------Hello World(原创) 1 4 跟我StepByStep学FLEX教程--...
flexlib - 2.5 - flex4.zip ,flexlib-.2.4.zip