Dr. Dobb's Journal - October 2008 - (Page 39) D10gold_p6as 8/15/08 9:10 AM Page 39 Instantly Search Terabytes of Text revocation list is checked to see if the certificate was revoked at the time signing occurred. If no timestamp is available, the revocation check is applied to the time at which the application is being installed. Finally, Adobe AIR’s revocation checks are best-effort based. If no relevant CRL can be obtained—whether through the cache, AIR file, or CRL server—the installation is allowed to proceed. whether the application has a trusted identity. If the application’s identity is trusted, the publisher’s name is displayed, along with a yellow warning symbol intended to caution the user (Figure 1). If the application’s identity is not trusted, the publisher’s name is not displayed and a red warning symbol intended to severely caution the user is shown (Figure 2). Publishers are sometimes surprised to learn that an application with a trusted identity is not displayed with a green symbol to comfort the user. Regardless of the trust in identity, however, these applications still run unencumbered once installed on the user’s machine. Unlike applications running in a sandbox— web applications running in the browser, for example—some caution is still appropriate. N dozens of indexed, unindexed, fielded data and full-text search options (including Unicode support for hundreds of international languages) N file parsers / converters for hit-highlighted display of all popular file types N Spider supports static and dynamic web data; highlights hits while displaying links, formatting and images intact N API supports .NET, C++, Java, databases, etc. New .NET Spider API Hardware versus File Key Storage Protection of your private key is critical. If it’s compromised, anyone who obtains it can assume your identity for purposes of publishing software. If you’re aware that your key has been compromised—and if a certification authority that publishes a certificate revocation list issued it—then you can have it revoked. This prevents a good deal of the potential damage that could arise. It’s better to avoid such situations entirely. At minimum, your key should always be password protected. If someone made off with your key, they would at least have to crack your password before they could use it. You should consider using a hardwarebased storage option. Unlike file-based storage, your private key can never be extracted from the device once loaded onto it, so the key can’t be stolen unless the device itself is stolen. These devices also require a password to use but, unlike file-based solutions, disable themselves if too many incorrect password attempts are made. The signing tools provided by Adobe are implemented in Java and leverage the pluggable Java Cryptography Architecture (JCA) to support a wide variety of keystores. In addition to the built-in Java Key Store and PKCS12 (PFX) support—both of which are file-based—any hardware solution with a PKCS11 driver or a custom JCA provider can be used. Recent Windows and Mac OS Java implementations also support their respective operating system keystores. I keep my certificate on an Aladdin eToken, which in turn is locked in a safe. Deferred Signing In many organizations, keys are further protected by limiting access to a small number of individuals and keeping them in restricted areas. These persons are typically not the developers and may not be able to package up the assets that compose the application. Adobe’s signing tools support these scenarios by allowing packaging and signing to be done as separate steps. The output of packaging without signing is an .airi file; note the trailing “I” for intermediate. Unlike .air files, .airi files cannot be installed. Their only purpose is to serve as an input for the signing step. Signing of .airi files can only be done with adt; it isn’t supported by the authoring tools like FlexBuilder. h Spider Desktop wit h Spider Network wit CD/DVDs Publish for ider Web with Sp Win & .NET Engine for Linux Engine for New 64-bit The Smart Choice for Text Retrieval ® since 1991 N “Bottom line: dtSearch manages a Conclusion Adobe AIR is a revolutionary platform because it does something new—it enables the creation of desktop applications with web technologies. But no new application development platform could reasonably ignore the security issues involved in deploying and updating desktop applications. Adobe AIR provides for secure delivery using possibly the most sophisticated, widely deployed code-signing implementation ever created. terabyte of text in a single index and returns results in less than a second” – InfoWorld N “For combing through large amounts of data,” dtSearch “leads the market” – Network Computing N dtSearch “covers all data sources powerful Web-based engines”– eWEEK N dtSearch “searches at blazing speeds” – Computer Reseller News Test Center See www.dtsearch.com for hundreds more reviews, and hundreds of developer case studies Acknowledgments UI Implications Adobe AIR displays different UIs during installation of an application, based on Thanks to Luis Polanco and William Ie for not only their work on this feature, but also their help in preparing this article. DDJ Contact dtSearch for fully-functional evaluations 1-800-IT-FINDS www.dtsearch.com October 2008 l www.ddj.com l Dr. Dobb’s Journal 39 http://www.dtsearch.com http://www.dtsearch.com http://www.dtsearch.com http://www.ddj.com
Table of Contents Feed for the Digital Edition of Dr. Dobb's Journal - October 2008 Dr. Dobb's Journal - October 2008 Contents Friday Night Fish Fry Alia Vox Developer Diaries Developer’s Notebook Is Your Next Language COBOL? Conversations Safe Coding Practices Code Signing in Adobe AIR OpenID Single Sign-On The Book Cipher Algorithm Indexing and Searching Image files Extending Continuous Integration Into ALM The Agile Edge Effective Concurrency Swaine’s Flames Dr. Dobb's Journal - October 2008 Dr. Dobb's Journal - October 2008 - (Page Bellyband1) Dr. Dobb's Journal - October 2008 - (Page Bellyband2) Dr. Dobb's Journal - October 2008 - Dr. Dobb's Journal - October 2008 (Page Cover1) Dr. Dobb's Journal - October 2008 - Dr. Dobb's Journal - October 2008 (Page Cover2) Dr. Dobb's Journal - October 2008 - Dr. Dobb's Journal - October 2008 (Page 1) Dr. Dobb's Journal - October 2008 - Dr. Dobb's Journal - October 2008 (Page 2) Dr. Dobb's Journal - October 2008 - Dr. Dobb's Journal - October 2008 (Page 3) Dr. Dobb's Journal - October 2008 - Contents (Page 4) Dr. Dobb's Journal - October 2008 - Contents (Page 5) Dr. Dobb's Journal - October 2008 - Friday Night Fish Fry (Page 6) Dr. Dobb's Journal - October 2008 - Friday Night Fish Fry (Page 7) Dr. Dobb's Journal - October 2008 - Friday Night Fish Fry (Page 8) Dr. Dobb's Journal - October 2008 - Friday Night Fish Fry (Page 9) Dr. Dobb's Journal - October 2008 - Alia Vox (Page 10) Dr. Dobb's Journal - October 2008 - Alia Vox (Page 11) Dr. Dobb's Journal - October 2008 - Developer Diaries (Page 12) Dr. Dobb's Journal - October 2008 - Developer Diaries (Page 13) Dr. Dobb's Journal - October 2008 - Developer’s Notebook (Page 14) Dr. Dobb's Journal - October 2008 - Developer’s Notebook (Page 15) Dr. Dobb's Journal - October 2008 - Is Your Next Language COBOL? (Page 16) Dr. Dobb's Journal - October 2008 - Is Your Next Language COBOL? (Page 17) Dr. Dobb's Journal - October 2008 - Is Your Next Language COBOL? (Page 18) Dr. Dobb's Journal - October 2008 - Is Your Next Language COBOL? (Page 19) Dr. Dobb's Journal - October 2008 - Conversations (Page 20) Dr. Dobb's Journal - October 2008 - Conversations (Page 21) Dr. Dobb's Journal - October 2008 - Conversations (Page 22) Dr. Dobb's Journal - October 2008 - Conversations (Page 23) Dr. Dobb's Journal - October 2008 - Safe Coding Practices (Page 24) Dr. Dobb's Journal - October 2008 - Safe Coding Practices (Page 25) Dr. Dobb's Journal - October 2008 - Safe Coding Practices (Page 26) Dr. Dobb's Journal - October 2008 - Safe Coding Practices (Page 27) Dr. Dobb's Journal - October 2008 - Safe Coding Practices (Page 28) Dr. Dobb's Journal - October 2008 - Safe Coding Practices (Page 29) Dr. Dobb's Journal - October 2008 - Code Signing in Adobe AIR (Page 30) Dr. Dobb's Journal - October 2008 - Code Signing in Adobe AIR (Page 31) Dr. Dobb's Journal - October 2008 - Code Signing in Adobe AIR (Page 32) Dr. Dobb's Journal - October 2008 - Code Signing in Adobe AIR (Page 33) Dr. Dobb's Journal - October 2008 - Code Signing in Adobe AIR (Page 34) Dr. Dobb's Journal - October 2008 - Code Signing in Adobe AIR (Page 35) Dr. Dobb's Journal - October 2008 - Code Signing in Adobe AIR (Page 36) Dr. Dobb's Journal - October 2008 - Code Signing in Adobe AIR (Page 37) Dr. Dobb's Journal - October 2008 - Code Signing in Adobe AIR (Page 38) Dr. Dobb's Journal - October 2008 - Code Signing in Adobe AIR (Page 39) Dr. Dobb's Journal - October 2008 - OpenID Single Sign-On (Page 40) Dr. Dobb's Journal - October 2008 - OpenID Single Sign-On (Page 41) Dr. Dobb's Journal - October 2008 - OpenID Single Sign-On (Page 42) Dr. Dobb's Journal - October 2008 - OpenID Single Sign-On (Page 43) Dr. Dobb's Journal - October 2008 - OpenID Single Sign-On (Page 44) Dr. Dobb's Journal - October 2008 - OpenID Single Sign-On (Page 45) Dr. Dobb's Journal - October 2008 - The Book Cipher Algorithm (Page 46) Dr. Dobb's Journal - October 2008 - The Book Cipher Algorithm (Page 47) Dr. Dobb's Journal - October 2008 - The Book Cipher Algorithm (Page 48) Dr. Dobb's Journal - October 2008 - The Book Cipher Algorithm (Page 49) Dr. Dobb's Journal - October 2008 - The Book Cipher Algorithm (Page 50) Dr. Dobb's Journal - October 2008 - The Book Cipher Algorithm (Page 51) Dr. Dobb's Journal - October 2008 - Indexing and Searching Image files (Page 52) Dr. Dobb's Journal - October 2008 - Indexing and Searching Image files (Page 53) Dr. Dobb's Journal - October 2008 - Indexing and Searching Image files (Page 54) Dr. Dobb's Journal - October 2008 - Indexing and Searching Image files (Page 55) Dr. Dobb's Journal - October 2008 - Extending Continuous Integration Into ALM (Page 56) Dr. Dobb's Journal - October 2008 - Extending Continuous Integration Into ALM (Page 57) Dr. Dobb's Journal - October 2008 - Extending Continuous Integration Into ALM (Page 58) Dr. Dobb's Journal - October 2008 - Extending Continuous Integration Into ALM (Page 59) Dr. Dobb's Journal - October 2008 - Extending Continuous Integration Into ALM (Page 60) Dr. Dobb's Journal - October 2008 - Extending Continuous Integration Into ALM (Page 61) Dr. Dobb's Journal - October 2008 - Extending Continuous Integration Into ALM (Page 62) Dr. Dobb's Journal - October 2008 - Extending Continuous Integration Into ALM (Page 63) Dr. Dobb's Journal - October 2008 - The Agile Edge (Page 64) Dr. Dobb's Journal - October 2008 - The Agile Edge (Page 65) Dr. Dobb's Journal - October 2008 - The Agile Edge (Page 66) Dr. Dobb's Journal - October 2008 - The Agile Edge (Page 67) Dr. Dobb's Journal - October 2008 - Effective Concurrency (Page 68) Dr. Dobb's Journal - October 2008 - Effective Concurrency (Page 69) Dr. Dobb's Journal - October 2008 - Effective Concurrency (Page 70) Dr. Dobb's Journal - October 2008 - Effective Concurrency (Page 71) Dr. Dobb's Journal - October 2008 - Swaine’s Flames (Page 72) Dr. Dobb's Journal - October 2008 - Swaine’s Flames (Page Cover3) Dr. Dobb's Journal - October 2008 - Swaine’s Flames (Page Cover4)
For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.