tags:

views:

498

answers:

1
+1  Q: 

How to protect API Key in Flex/AIR from decompiling?

No obfuscation please and simpler the better.

Similar post is http://stackoverflow.com/questions/294777/shared-secret-with-api-in-an-ajax-adobe-air-app but I was not convinced that these protect from decompiling. If they do, please explain (For example, what's stopping someone from decompiling and using the URLLoader themselves).

A: 

If the public key is in your code, there is nothing that can ever stop anyone from decompiling your app and getting the key.

Also - if the key is sent unencrypted from the AIR app to the server, it is a piece of cake monitoring the net traffic and retrieving the key from there. So even if you protect the key by storing it encrypted, you're pretty much screwed.

If you want to protect it, you have to send your calls through a proxy server that you control and keep the key there.

Johan Öbrink  2009-05-01 11:42:17
Your 3rd idea is good, I could see how that could work. Is there an easy way to do this? It seems like there should be someone providing a trusted key store for OAuth or something. This also seems like a pain too tho since my aim is for a desktop app.
Brandon  2009-05-01 16:11:30

related questions

Silverlight vs Flex
Executing JavaScript from Flex: Is this javascript function dangerous?
How To Get Label Of Combobox to Fade In Flex
How do I change the title bar icon in Adobe AIR?
How do I call a Flex SWF from a remote domain using Flash (AS3) ?
Flex: does painless programmatic data binding exist?
SoapException: Root element is missing occurs when .NET web service called from Flex
Any recommendations for in-depth Flex training?
How do I restyle an Adobe Flex Accordion to include a button in each canvas header?
Deleting / Replacing A Node in E4X (AS3 - Flex)
How can I "unaccept" a drag in Flex?
Printing Flex components in FireFox 3
Is it possible to add behavior to a non-dynamic ActionScript 3 class without inheriting the class?
How do I get rid of the "multiple describeType entries" warning?
Open local file with AIR / Flex
Flex / Air obfuscation
Adobe Flex component events
Can you access the windows registry from Adobe Air?
Actionscript 3 - Fastest way to parse yyyy-mm-dd hh:mm:ss to a Date object?
Adobe Air - Using multiple SQLite databases at once
How can I unit test Flex applications from within the IDE or a build script?
Best way to learn Flash?
Get the current logged in OS user in Adobe Air
Adobe air - SQLStatement.execute() - Multiple queries in one statement
Unloading a ByteArray in Actionscript 3.