

Ask YC: API in an Ajax Adobe AIR app? - ca98am79

I'm pretty new to developing AIR apps, so maybe this is a dumb question, but I can't seem to find any answers from Google. Any help you can give me is greatly appreciated.

I'm building an AIR app with Ajax using an API that is identical to Flickr's API, with a shared secret key. The problem is that the AIR installation package contains all the source and I don't want to give away my shared secret. Is there any way to do this? Can I hide some source, or somehow include this shared secret within the app without giving it away?

Thanks for your help.
======
bprater
AIR has an encrypted local store you can hide secret information in.

~~~
ca98am79
Thanks - I know about this, but can you store information in it
pre-installation?

------
jwilliams
> The problem is that the air installation package contains all the source and
> I don't want to give away my shared secret. Is there any way to do this?

You've got to give the secret out in some fashion or another - otherwise the
application won't be able to decrypt the picture or whatever it is. Even if
you obfuscate it, it'll still be somewhere (in memory or whatever).

Maybe this requires a rethink of your security model? What are you trying to
secure?

------
arpit
Install the app and then the first thing the app does at first run is make an
API call to get the key and store it into the encrypted store. Pass the MD5
hash of the SWF as part of the call to get the key to make sure it's your own
SWF that's making a call to the server.

------
perezd
You could have your application do some sort of authenticated request for it
on a server maybe? Or better yet, proxy all of your API requests through your
server?

I don't know, seems like a lot of runaround to me.
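
The proxy idea from the comment above, as an added example (not code from any poster in this thread): the server keeps the shared secret and signs each request, so the AIR package never contains it. It assumes the Flickr-style signature (MD5 of the secret followed by the alphabetically sorted parameter names and values); the method allowlist, function names and key values are constructed for illustration.

```javascript
// Server-side signer for a proxy in front of a Flickr-style API.
// The desktop client sends unsigned parameters; only this code sees the secret.
const nodeCrypto = require('crypto');

// Constructed placeholders: real values come from server configuration.
const API_KEY = process.env.API_KEY || 'constructed-api-key';
const API_SECRET = process.env.API_SECRET || 'constructed-shared-secret';

// Assumed allowlist: forward only the calls the app actually needs, so a
// client that talks to the proxy directly cannot use it as a general signer.
const ALLOWED_METHODS = new Set(['flickr.photos.search', 'flickr.photos.getInfo']);

// Parameters the client must never control.
const RESERVED = new Set(['api_key', 'api_sig']);

// Sorted "name + value" pairs joined together, as the signature scheme expects.
function canonicalString(params) {
  return Object.keys(params).sort().map((name) => name + params[name]).join('');
}

function signRequest(clientParams, secret = API_SECRET, apiKey = API_KEY) {
  if (!ALLOWED_METHODS.has(clientParams.method)) {
    throw new Error('method not allowed: ' + clientParams.method);
  }
  // Null-prototype object so a parameter named "__proto__" is just data.
  const params = Object.create(null);
  params.api_key = apiKey;
  for (const [name, value] of Object.entries(clientParams)) {
    if (RESERVED.has(name)) continue; // drop client-supplied key or signature
    if (typeof value !== 'string') {
      throw new Error('parameter must be a string: ' + name);
    }
    params[name] = value;
  }
  const apiSig = nodeCrypto.createHash('md5')
    .update(secret + canonicalString(params), 'utf8')
    .digest('hex');
  // The proxy forwards these parameters upstream; the secret never leaves it.
  return { ...params, api_sig: apiSig };
}
```

The proxy still needs its own per-user authentication and rate limiting, since anything shipped inside the client can be replayed by whoever unpacks it.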

