Accessing the file system

Applications running in a web browser have only limited interaction with the user's local file system. Web browsers implement security policies that ensure that a user's computer cannot be compromised as a result of loading web content. For example, SWF files running through Flash Player in a browser cannot directly interact with files already on a user's computer. Shared objects can be written to a user's computer for the purpose of maintaining user preferences and other data, but this is the limit of file system interaction. Because AIR applications are natively installed, they have a different security contract with the end user. This contract between the application and the end user is made at install time just like native applications, and it includes the capability for the application to read and write across the local file system.

This freedom comes with a higher degree of responsibility for developers. Accidental application security gaps jeopardize not only the functionality of the application, but also the integrity of the user’s computer. The developer documentation includes AIR security information that addresses best practices.

Unless there are administrator restrictions applied to the user’s computer, AIR applications are privileged to write to any location on the user's hard drive. However, developers are encouraged to use the user- and application-specific application storage directory that the runtime provides for each application. The AIR API provides convenient methods for developers to read and write data in the application storage directory. The runtime also provides an encrypted local data storage area unique to each application and user. This allows applications to save and retrieve data that is stored on the user’s local hard drive in an encrypted format that cannot be deciphered by other applications or users. A separate encrypted local store is used for each AIR application, and each AIR application uses a separate encrypted local store for each user. Applications may use the encrypted local store to store information that must be secured, such as login credentials for web services. AIR uses DPAPI on Windows and Keychain on Mac OS to associate encrypted local stores with each user. The encrypted local store uses AES-CBC 128-bit encryption.
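The following added example (not code from the original documentation) shows the split described above: ordinary settings go to a file under the application storage directory, and credentials go to the encrypted local store. The class name `AppStorage`, its method names, and the file-name allowlist are assumptions made for this illustration; the `File`, `FileStream`, and `EncryptedLocalStore` calls are the runtime's own API.

```actionscript
package {
    import flash.data.EncryptedLocalStore;
    import flash.filesystem.File;
    import flash.filesystem.FileMode;
    import flash.filesystem.FileStream;
    import flash.utils.ByteArray;

    // Hypothetical helper class; the name and methods are assumptions for this example.
    public class AppStorage {
        // Accept only plain file names such as "prefs.xml", so a caller-supplied
        // name with separators or ".." cannot leave the storage directory.
        private static const SAFE_NAME:RegExp = /^[A-Za-z0-9_\-]+(\.[A-Za-z0-9]+)?$/;

        // Non-sensitive data: a file in the per-user, per-application storage directory.
        public static function writeSetting(name:String, text:String):void {
            if (!SAFE_NAME.test(name)) {
                throw new ArgumentError("Unsafe file name: " + name);
            }
            var file:File = File.applicationStorageDirectory.resolvePath(name);
            var stream:FileStream = new FileStream();
            stream.open(file, FileMode.WRITE);
            try {
                stream.writeUTFBytes(text);
            } finally {
                stream.close(); // release the handle even if the write fails
            }
        }

        // Sensitive data: stored encrypted, readable only by this application and user.
        public static function saveSecret(key:String, secret:String):void {
            var bytes:ByteArray = new ByteArray();
            bytes.writeUTFBytes(secret);
            EncryptedLocalStore.setItem(key, bytes);
        }

        // Returns null when nothing is stored under the key.
        public static function loadSecret(key:String):String {
            var bytes:ByteArray = EncryptedLocalStore.getItem(key);
            return (bytes == null) ? null : bytes.readUTFBytes(bytes.length);
        }

        // Remove the credential, for example when the user signs out.
        public static function forgetSecret(key:String):void {
            EncryptedLocalStore.removeItem(key);
        }
    }
}
```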

In Adobe AIR 2, applications can open files with the default application registered for the file type. For example, applications can open an mp3 file with the default application used to open mp3 files. AIR prevents applications from opening files of certain types that can potentially execute code when opened. An example is an EXE file on Windows. The restricted file types are listed in the ActionScript 3.0 Reference for the Flash Platform. However, extended desktop AIR applications, which are installed with native installers, can open files of any type. (For information on extended desktop applications, see Communicating with native processes.)
