Adobe air application security

Question

Adobe air application security

I am going to deliver an Adobe AIR application to a client. But this is my first delivery of any kind, Ie I have no experience with licensing, etc.

Users of this application may or may not be online, so I can’t count on it. In fact, he is 99% sure that they will be offline.

And I do not expect that they will be very technically savvy, who spend enough time on reconnaissance for ways to “hack” it.

So, is there any way to protect this application. That is, I do not want people to simply copy the installation folder, go to another machine and start it. It should be a little harder than that.

Oh, and I also use PHP and MySql, which this AIR application communicates with. So you guys could help me with a very welcome.

+7

php mysql air license-key

dharm0us Jan 18 '09 at 10:36

source share

5 answers

Mike paterson · Answer 1 · 2009-01-20T20:12:20+0000

protect php api, not frontend application. have a license key associated with the ip address, and the authentication of the request (which contains the key) comes from the correct ip.

Errick · Answer 2 · 2009-01-25T07:02:02+0000

If you want to protect your Flex application, you can use irrObfuscator . There is a 30 day free demo.

If you want to confuse your PHP code, I would suggest ioncube . There is an online obfuscator that you can pay for a la carte. Pretty helpful. To do this, you will need ioncube loaders, which are a set of PHP extensions that you will find in the product section. Not sure, but I think that you can install the bootloaders without playing with the PHP configuration, so it’s shared hosting.

Schizo duckie · Answer 3 · 2009-01-18T14:34:10+0000

You cannot protect everything based on websites or javascript because there is full source code.

Anyone who knows how to use the "right click" can copy your files. You can confuse your code, but you cannot protect it. If you think this should not be possible, write a desktop application in the "real" programming language.

cliff.meyers · Answer 4 · 2009-01-25T07:35:27+0000

When the application is installed, I will do the following:

Create a file in "app-storage" that basically indicates that the application is installed.
Disconnect the service call and record the installation
Modify the file in the application directory to indicate that the application is installed.

On subsequent launches, check for the presence of the file while the file in the application directory indicates that the application is installed. If you see that the client continues to install the application again and again, this can be noted in their account and appropriate action can be taken. If you want a fantasy, the file in "app-storage" may have a one-way hash of some information from the file in the application directory (installation date?) Plus some value baked in the AIR application.

Overall, I think the key here is to trust your users and not make the assumption that they are trying to steal. You want to make the system as painless as possible. This does not create good relationships with customers when you treat them like criminals, so creating an “iron” approach is probably not even a good idea.

Jarin uddom · Answer 5 · 2009-02-07T13:29:54+0000

I think the only good way to do this is to require activation after installation (online activation with a backup of your phone).

From what you are saying, it seems that the backend is in place and cannot provide adequate copy protection.

Adobe air application security

More articles: