Saving Encrypted Data in AIR

Have you ever wanted to store a users password, you know, that little checkbox that says 'Save Password' on any login form. Or maybe you just want to persist a session token or other information. You could use the Local Shared Objects or even the File API, but that isn't very secure. How do you store sensitive information that your AIR application needs to persist?

Luckily, there is an often overlooked API for just this use case. It is called the EncryptedLocalStore and is actually quite simple to use. The EncryptedLocalStore API persists data to the local system using a name-value pair scheme that is specific to each application. The name is a simple string, and the data is a ByteArray. The data is stored using both the application ID and the user information from the local system, so other AIR applications and other users cannot access the data. This API is actually hooking into the Keychain functionality on Mac and DPAPI on Windows. The data is encrypted using AES-CBC 128-bit encryption. So the main point to take away is that the data is very secure and other AIR apps or users will not be able to easily access it.

So, how do you actually use the API? Well, lets assume that we have a session ID that is a string and we want to persist in the EncryptedLocalStore. Lets also assume that the session ID is stored in a variable called 'sessionId'. One thing to keep note of is that the data must be stored as a ByteArray, so we first need to create a ByteArray instance and add the string value to it. The code might look something like this:
PLAIN TEXT
Actionscript:

1.
var bytes:ByteArray = new ByteArray();
2.
bytes.writeUTFBytes( sessionId );
3.
EncryptedLocalStore.setItem( "sessionId", bytes );

To retrieve the data, you simple retrieve the ByteArray using the getItem API, and then read your UTF string value out of that ByteArray:
PLAIN TEXT
Actionscript:

1.
var sessionIdBytes:ByteArray = EncryptedLocalStore.getItem("sessionId");
2.
var sessionId:String = sessionIdBytes.readUTFBytes( sessionIdBytes.length);

To remove an item from the store, you simply call the removeItem API:
PLAIN TEXT
Actionscript:

1.
EncryptedLocalStore.removeItem("firstName");

There are a few things to note when using the EncryptedLocalStore API. First, the API is syncronous and is geared towards small amounts of data. While there is no practical limit, any ByteArrays larger than 10MB might cause performance issues. Second, when debugging your application using ADL, we are actually using a different store than what is being used for installed applications. And last, when uninstalling an AIR application, the data in the EncryptedLocalStore is NOT deleted.

One last note as well, this API is available to both Ajax and Flash based AIR applications, like all ActionScript APIs.

Free Flex Builder 3

As announced recently, Adobe is offering Flex Builder 3 with Charting free of charge to educational establishments and students. The link to register for your free download is now on the Adobe developer connection site, or you can access the registration site directly at Register Link

When registering you will need to provide proof of eligibility - so that means you’ll need to scan in a copy of your student ID or a letter on an educational institution letterhead stating that you are a current student. Once you’ve got that you’re good to go and get your free copy of Flex Builder.

Cheers

Varun Rathore

List of JVM options

I just want to share what I believe is the most extensive list of JVM options - most of them cannot be found in the original documentation. Also you can find a lot of useful resources related to garbage collection and performance.

Cheers

Varun Rathore

Flex and Java application with LCDS (LiveCycle Data Services) without server side code

LCDS 2.5 brought a new assembler, SQLAssembler. SQLAssembler lets you connect your Flex client to your database. Usually, when you read/write data with LCDS, you create your own Java adapter to handle these operations. With SQLAssembler, instead of writing the Java code for accessing the database, you configure access to the database and write the SQL for read/write/delete directly into the data-management-config.xml file (this is a configuration file used by Flex data services). Basically, you write some simple XML with some SQL for each operation, and you don’t need to write a single line of Java. But, you get a full CRUD application, with all the benefits of Flex Data Services: collaboration, conflict resolution, paging. If you need for some operations to use stored procedure instead of SQL statements, there is no problem as SQLAssemberl has support for them.

Why should you use SQLAssembler?

I will not try to fool you. Probably it isn’t good for complex applications, where you have a lot of business logic on your server. But, it could come in very handy when you need to create a simple application, maybe a quick prototype for example. And the best thing is that if, for some reason, you decide that you need a custom assembler or HibernateAssembler instead of SQLAssembler, there should be little to change in the Flex client code, if anything at all. And, as you will see in this article, I can use this assembler to create a full CRUD application for one-to-many relationship database setup.

Merapi - A Bridge Between AIR and Java

Merapi is a bridge between applications written in Java and those running in and created for Adobe AIR™ (Adobe Integrated Runtime™).

Merapi has been designed to run on a user's machine, along with an Adobe AIR™application and providea direct bridge between the Adobe AIR™ framework and Java, exposing the power and overall calabilities of the user's operating system, including 3rd party hardware devices.

With a light weight and straightforward API, developers can leverage the OS by writing Java companion applications for their AIR™ applications. Java programs treat Mirapi as a bridge to the running Adobe AIR™ application and vice-versa.

Developers can build their Flex, Flash and AJAX applications for Adobe AIR™, and use Mirapi to make them do things that AIR just can't do by itself.

The Merapi project team, is proud to announce that the private alpha release has been completed and is available to select members of the Flex/AIR/Java community. We've had a lot of interest and have been contacted by a variety of individuals who have expressed interest in joining our efforts.

Adobe New Magical Tool For RIA - THERMO

"Thermo" is an upcoming Adobe product that makes it easy for designers to create rich Internet application UIs. Thermo allows designers to build on familiar workflows to visually create working applications that easily flow into production and development.

Features :-

* Use drawing tools to create original graphics, wireframe an application design, or manipulate artwork imported from Adobe Creative Suite tools.
* Turn artwork from Adobe Photoshop, Illustrator, or Fireworks directly into functional components that use the original artwork as a “skin”.
* Define and wire up interactive behavior, such as what to do when a user clicks on something, without having to write code.
* Easily design UIs that work with dynamic data, such as a list of contacts or product information, without having access to the actual data source. Design-time sample data can be used as a realistic placeholder when laying out an application, testing interactivity, and choreographing motion.

Applications created in Thermo are Flex applications that can be loaded directly into Flex Builder, providing a great roundtrip workflow for designers collaborating with developers. The designer's work can be incorporated directly into the production application with no loss of fidelity, and designers can continue to refine the design throughout the iterative development process.