Sorry - typo. That should have been: You _don't_ need to worry about encryption 
in this scenario. If you're worried about encrypting bytes sent over 
LocalConnections (just a block of shared memory on your local system), I'd 
assume you'd also need to be worried about those same values in the memory 
space used by the Player or AIR instances that are communicating via 
LocalConnections. Given the GC'ed nature of ActionScript, you don't have direct 
control over how long variables will stick around. So if there's a rogue 
process running locally that can scan and read anything in system memory, the 
values in Player/AIR memory space are just as vulnerable as values in the 
shared memory block used for LocalConnections. If that's the case, then you 
have bigger issues to worry about than encrypting what you're exchanging via 
LocalConnection, like getting good anti-virus software installed or something :)

Best,
Seth

-----Original Message-----
From: Seth Hodgson 
Sent: Wednesday, January 28, 2009 2:50 PM
To: '[email protected]'
Subject: RE: [flexcoders] Re: localconnection data encrypted?

There's no network involved. More details here: 
http://greetingsfromoakland.blogspot.com/2008/11/zen-and-art-of-localconnection.html

You need to worry about encryption in this scenario unless you're worried about 
other processes on the local machine trolling randomly through memory...
What you likely do need to worry about are the gotchas mentioned in the blog 
post.

Best,
Seth

From: [email protected] [mailto:[email protected]] On Behalf 
Of Pete Appleby
Sent: Wednesday, January 28, 2009 2:45 PM
To: [email protected]
Subject: [flexcoders] Re: localconnection data encrypted?

It would seem that there is a network connection being used, but I
have not been able to find out for sure.

The localconnection allows different versions of the Flash player to
communicate via AMF0. This leads me to believe that the network is
being used as opposed to a shared memory model. It would be nice to
know for sure, but it is now a moot point for my applications.

I have taken the time to implement RSA encryption in my communication
classes so that the two AIR applications exchange public keys at the
time of the first Send command.

Once the handshaking of public keys has been completed, the future
messages are encrypted and pushed out through the use of the Send method. 

The receiving app then decrypts the message using its private keys. I
am storing the keys in the encrypted local store. That brings up the
question of just how secure is the encrypted local store?

Pete 
