Thursday, August 7, 2008

Foundation ActionScript Animation: Making Things Move! (Foundation)

Sure you can animate using motion tweens, in fact we'll help you do that with our Flash Cartoon Animation book, but isn't there something extra special in making things move with just a few lines of code?

In this book Keith Peters guides us through some basic animation theory and then demystifies the math and physics behind creating realistic animation, looking at trigonometry, velocity and acceleration, and bouncing & friction.

This book will teach you how to use Flash ActionScript to move the objects in your movies, rather than letting Flash's tween engine do it for you. The benefit of this is smaller, more realistic, more dynamic interactive movies that seem to come alive on your screen. Almost all of the code featured in this book will work fine in either Flash MX 2004 or Flash 8, and with a few minor adjustments, most of it can even be applied to Flash MX.

Although the text covers many advanced math and physics concepts, making for very realistic motion, there's no need to worry, even if you're a relative newcomer to programming and the last math class you took was in high school (and even if you barely remember that!).

This book first covers everything you need to know to get started: the principles of animation, and the basics of ActionScript, trigonometry, and Flash rendering methods. You'll work your way slowly from using code to move a single object across the screen to creating complex systems that really push Flash's capabilities with topics covered including collision detection, particle attraction, and kinematics. The book concludes with looking at 3D animation techniques, including building a basic 3D engine, 3D lines, fills and solids, and matrix math.

Once you come to grips with the ideas presented here, you'll find yourself creating all manner of exciting animations and games!

http://rapidshare.de/files/36404064/1590595181.zip


ActionScript 3.0 Design Patterns: Object Oriented Programming Techniques (Adobe Developer Library)

Now that ActionScript is reengineered from top to bottom as a true object-oriented programming (OOP) language, reusable design patterns are an ideal way to solve common problems in Flash and Flex applications. If you're an experienced Flash or Flex developer ready to tackle sophisticated programming techniques with ActionScript 3.0, this hands-on introduction to design patterns is the book you need.

ActionScript 3.0 Design Patterns takes you step by step through the process, first by explaining how design patterns provide a clear road map for structuring code that actually makes OOP languages easier to learn and use. You then learn about various types of design patterns and construct small abstract examples before trying your hand at building full-fledged working applications outlined in the book. Topics in ActionScript 3.0 Design Patterns include:
  • Key features of ActionScript 3.0 and why it became an OOP language
  • OOP characteristics, such as classes, abstraction, inheritance, and polymorphism
  • The benefits of using design patterns
  • Creational patterns, including Factory and Singleton patterns
  • Structural patterns, including Decorator, Adapter, and Composite patterns
  • Behavioral patterns, including Command, Observer, Strategy, and State patterns
  • Multiple design patterns, including Model-View-Controller and Symmetric Proxy designs
During the course of the book, you'll work with examples of increasing complexity, such as an e-business application with service options that users can select, an interface for selecting a class of products and individual products in each class, an action game application, a video record and playback application, and many more. Whether you're coming to Flash and Flex from Java or C , or have experience with ActionScript 2.0, ActionScript 3.0 Design Patterns will have you constructing truly elegant solutions for your Flash and Flex applications in no time.


http://rapidshare.com/files/65431411/0596528469.zip


Foundation Actionscript 3.0 Animation: Making Things Move!

In this book, you'll learn
  • All the ActionScript 3.0 (including math and trigonometry functions) and Flash rendering techniques you'll need to start animating with code
  • Basic motion principles such as velocity, acceleration, friction, easing, and bouncing
  • How to handle user interaction via the keyboard and mouse
  • Advanced motion techniques such as springs, coordinate rotation, conservation of momentum, and forward and inverse kinematics
  • All the basic 3D concepts you need to do 3D in Flash, from simple perspective to full 3D solids complete with backface culling and dynamic lighting
Flash has long been one of the most approachable, user-friendly tools for creating web-based animations, games, and applications. This has contributed to making it one of the most widely used programs for creating interactive web content. With each new version of Flash, ActionScript, its built-in scripting language, has become more powerful and a little more complex, too. ActionScript, now at version 3.0, has significantly matured as a programming language, bringing power and speed only previously dreamed about to Flash-based animation, going far beyond traditionally used keyframes and tweens. The material inside this book covers everything you need to know to harness the power of ActionScript 3.0. First, all the basics of script-based animation and setting up an ActionScript 3.0 project are covered. An introduction to object-oriented programming follows, with the new syntax, events, and rendering techniques of ActionScript 3.0 explained, giving you the confidence to use the language, whether starting from scratch or moving up from ActionScript 2.0. The book goes on to provide information on all the relevant trigonometry you will need, before moving on to physics concepts such as acceleration, velocity, easing, springs, collision detection, conservation of momentum, 3D, and forward and inverse kinematics. In no time at all you'll both understand the concepts of scripted animation and have the ability to create all manner of exciting animations and games.

Summary of Contents

  • PART ONE - ACTIONSCRIPTED ANIMATION BASICS
    • Chapter 1 Basic Animation Concepts
    • Chapter 2 Basics of ActionScript 3.0 for Animation
    • Chapter 3 Trigonometry for Animation
    • Chapter 4 Rendering Techniques
  • PART TWO - BASIC MOTION
    • Chapter 5 Velocity and Acceleration
    • Chapter 6 Boundaries and Friction
    • Chapter 7 User Interaction: Moving Objects Around
  • PART THREE - ADVANCED MOTION
    • Chapter 8 Easing and Springing
    • Chapter 9 Collision Detection
    • Chapter 10 Coordinate Rotation and Bouncing Off Angles
    • Chapter 11 Billiard Ball Physics
    • Chapter 12 Particle Attraction and Gravity
    • Chapter 13 Forward Kinematics: Making Things Walk
    • Chapter 14 Inverse Kinematics: Dragging and Reaching
  • PART FOUR - 3D ANIMATION
    • Chapter 15 3D Basics
    • Chapter 16 3D Lines and Fills
    • Chapter 17 Backface Culling and 3D Lighting
  • PART FIVE - ADDITIONAL TECHNIQUES
    • Chapter 18 Matrix Math
    • Chapter 19 Tips and Tricks


http://rapidshare.com/files/33865429/1590597915.zip


Flash 8: The Missing Manual

Macromedia's Flash 8 is the world's premier program for adding animation to Web sites. And with the latest version, this popular program becomes more versatile, letting beginning Web masters and expert developers alike create sophisticated Web content. But Flash isn't intuitive. And it doesn't come with a manual. Whether you want to learn the basics or unleash the program's true power, Flash 8: The Missing Manual is the ideal instructor.

This hands-on guide to today's hottest web design tool is aimed at non-developers, and it teaches you how to translate your ideas into great web content.

It begins with a solid primer on animation, which helps you get comfortable with the Flash interface. Once you have these basics under your belt, Flash 8: The Missing Manual moves on to advanced animations, including adding special effects and audio, video, and interactivity to your presentations. When you're really feeling steady, the book shows how to use a dollop of ActionScript to customize your content. It then teaches you how to publish your Flash creations for Web surfers everywhere to enjoy. Along the way, the book shows you good design principles and helps you avoid elements that can distract or annoy an audience.

Author Emily Vander Veer has more than a dozen books to her credit, including titles on Web design and scripting--most written for non-technical readers. Her background makes her the perfect author for a straightforward book on a complex subject. She takes Flash 8: The Missing Manual from the basics to the advanced, yet avoids a hasty jump into tough topics that can leave readers confused.

Not only will Flash 8: The Missing Manual help you turn a concept into unique, dynamic content, but it will continue to serve as a reference as you develop your web site.

http://rapidshare.de/files/16451311/0596101376.zip


ActionScript 3.0 Game Programming University (Paperback)

ActionScript 3.0 Game Programming University
Gary Rosenzweig's ActionScript 3.0 Game Programming University shows you how to use ActionScript, the programming language behind Flash CS3 Professional. The lessons teach you all the basics of ActionScript programming through game examples, but the code can be easily adapted to non-game-oriented projects, such as web training and advertising. Written by a real-world Flash developer, this book presents you with the source code of 16 complete games and lays the foundation for you to create your own games. Gary also provides a companion website - flashgameu.com, which contains files, updates, new content, Gary's blog and much more.

http://rapidshare.com/files/56030710/0789737027.zip


Foundation Flash Applications for Mobile Devices (Foundation)

Wireless developers have sought an integrated platform that allows them to create commercial content for cell phones, PDAs, and any other mobile device. Now Flash and its low-power-device-optimized cousin, FlashLite, allow the creation of applications, games, and animation.

Development times are slashed with Flash. The reward is a rapid and flexible workflow. Flash provides scalable vector graphics for any screen size. Flash incorporates a variety of media formats, such as MP3, MIDI, JPG, and PNG. Flash is the perfect choice for wireless development given that device abilities can vary substantially.

This book is for anyone wishing to learn how to implement Flash applications on mobile devices, including Flash and J2ME. It discusses the pluses and minuses of this platform. But its focus is to show how Flash surpasses J2ME for a superior rich user experience.

http://rapidshare.com/files/12498698/1590595580.zip


Flash Animation for Teens (For Teens)

Welcome to your no-experience-required, introductory guide to creating animations with Macromedia Flash! Flash Animation for Teens will help you develop the fundamental Flash skills that you need to confidently create your own animations. Covering the basics of Flash animation, this book uses Flash 8 to teach you the techniques you need to create a variety of animation styles, including games, web sites, stand-alone applications, and cartoons. Ideal for readers with little to no Flash experience, this project-based guide will help you conquer the basics and begin creating your own animations.

http://www.eazyupload.net/download/qRAFfxPf/1598632302.zip.htm


Creating a Web Site with Flash

Creating a Web Site with Flash: Visual QuickProject Guide
Face it: Poorly designed, static Web sites just don't cut it anymore. The Web (not to mention the technology surrounding it) has been around long enough, and people have grown accustomed enough to dealing with it, that folks want (and expect) a little razzle-dazzle when they go online. For just $12.99, this compact guide shows you how to deliver it! Whether your boss wants you to jazz up the company's Web site or you're burning the midnight oil trying to pull together some Web animations for a class project, this tightly focused, project-based guide shows you how to start creating Flash animations in an instant! Using big, bold full-color pictures and streamlined instructions, it covers just the need-to-know essentials that will get you animating with Flash: using the Flash authoring tool, creating and animating graphics, tweening, adding sound, and more.

http://rapidshare.com/files/56041042/0321321251.zip


LearnFlash.com Building Websites in Flash CS3 DVDR


In this video series, Flash guru Craig Campbell demonstrates how to create dynamic, interactive websites using Flash CS3 and ActionScript 3.

http://www.filefactory.com/file/219d89/n/LF_Flash_pm_txt

1.4 GB


Monday, August 4, 2008

Using the Flash Media Interactive Server Feature Explorer


The Flash Media Interactive Server Feature Explorer is a cross-platform desktop application built on Adobe AIR that we created to help you discover the rich and engaging interactive solutions in Flash and AIR enabled by Flash Media Interactive Server 3. This application hosts over 30 examples of streaming and multiway communication solutions, including basic server connection examples, complex video streaming, and authentication routines. You can also learn to build video messaging and VoIP solutions.

Install the AIR application and download the server-side assets (linked to below) that you can deploy with the free Flash Media Development Server. Every example contains the source MXML, ActionScript 3.0, and server-side ActionScript code you'll need to test out these solutions.

Here is how you set up the samples for the Flash Media Interactive Server Feature Explorer:

  1. Download and install Flash Media Development Server 3 or Flash Media Interactive Server 3. (These samples do not work with Flash Media Streaming Server 3.)
  2. Download and unzip the server-side code and video samples (linked to below) to the /applications folder of your Flash Media Interactive Server installation.
  3. Install the Flash Media Interactive Server Feature Explorer AIR application.
  4. Run the Flash Media Interactive Server Feature Explorer.
  5. Click Configure Servers at the top of the application window.
  6. Enter the Flash Media Server URI, administrator name, and password of your Flash Media Server.
  7. To test the multipoint publish example, enter the URL of a second Flash Media Server.

Requirements

To get the most out of this article, you'll need the following software and files:

Flash Media Development Server 3

Flash Media Interactive Server Feature Explorer


Server-side code and video samples:

fms_explorer_samples.zip (ZIP, 55 MB)




Photoshop Express adds new features


The peeps behind the Photoshop Express online image editor have been keeping busy, adding drag-and-drop upload, more printing and editing options, and more. According to Macworld,

A couple of the new updates use Adobe’s AIR technology. The Photoshop Express Uploader enables photo uploading from the desktop of any Internet-connected computer. AIR is also behind a feature that “bridges the real-time, dynamic capabilities of the Web with the computing power and data capabilities of the desktop computer,” according to Adobe.

Another handy feature is the ability to drag and drop photos directly from your photo application into Photoshop Express. Users can now also print photos through Shutterfly.

Dynamic slideshows can now have music created exclusively for Photoshop Express. For organizing, the addition of tags allows for easy viewing and searching by name, party, venue, subject and anything else you find useful.

A one-click Resize tool with presets for mobile, Web, e-mail or online Profiles is now available and you can now download photos from anyone’s public album and keep a collection of their favorites.

All of the new features are available immediately by logging into the Photoshop Express Web site.




Thursday, July 31, 2008

Adobe Photoshop Lightroom 2.0.481478

Adobe Photoshop Lightroom 2.0.481478 | 65.6 MB | RS + DF

Adobe® Photoshop® Lightroom™ software is the professional photographer's essential toolbox, providing one easy application for managing, adjusting, and presenting large volumes of digital photographs so you can spend less time in front of the computer and more time behind the lens. So you can spend less time sorting and refining photographs, and more time actually shooting them. Its clean, elegant interface literally steps out of the way and lets you quickly view and work with the images you shot today, as well as the thousands of images that you will shoot over the course of your career. Because no two photographers work alike, Adobe Lightroom adapts to your workflow, not the other way around. Lightroom lets you view, zoom in, and compare photographs quickly and easily. Precise, photography-specific adjustments allow you to fine tune your images while maintaining the highest level of image quality from capture through output. And best of all, it runs on most commonly used computers, even notebook computers used on location.

Perform nondestructive editing
Enjoy robust support for more than 150 camera raw formats, and experiment with confidence. Adjustments you make to images in Lightroom won't alter the original data, whether you're working on a JPEG, TIFF, DNG, or camera raw file.

Enjoy an elegant, uncluttered interface
Ease the learning curve and be productive quickly. Task-oriented modules whisk you through typical workflow tasks by putting just the tools you need at your fingertips.

Professional editing tools
Fine-tune your photographs with precise, easy-to-use tools for globally correcting white balance, exposure, tone curves, lens distortion, and color casts.

Photographer profiles
Get inspired by documentaries of well-known photographers in the Lightroom Design Center.

Lightroom/Photoshop Icelandic Adventure
Using Lightroom, photographers uploaded, sorted, adjusted, and output their raw images while still working in the field.

Project Photoshop Lightroom tour
Adobe brought the Lightroom beta to 25 schools across the U.S. See the work that resulted from the tour.

Support languages
English, Deutsch, French


Download from Rapidshare:
http://rapidshare.com/files/133568148/Adob...uild_481478.rar

Download from DepositFiles:
http://depositfiles.com/files/6879773


Wednesday, July 30, 2008

Photoshop CS3 Extended Video and 3D Bible

Harness the powerful new capabilities of Photoshop CS3 Extended

When you think of editing 3D images, if your first thought isn't Photoshop's filters, styles, and paint tools, think again. Now you can apply your Photoshop skills to 3D and video with Photoshop's new CS3 Extended and the in-depth instruction in this comprehensive guide. Want to create composites using 3D objects? Learn how to animate? Jazz up YouTube videos? From animation basics to blending video layers, this book has what you need to produce digital and 3D content like a pro.
  • Get to know 3D formats, workspaces, and tools
  • Create a 3D layer from a 2D image with Vanishing Point
  • Position a 3D camera and zoom, pan, or change views
  • Transform 3D objects with filters, blends, textures, and masks
  • Import video into Photoshop and edit, trim, and extract
  • Learn rotoscoping basics and how to animate
  • Build sequences scene by scene with the Timeline editor
  • Fine-tune alpha channels and add special effects


http://rapidshare.com/files/133465404/0470241810.zip


Photoshop Creative No.14

PDF | 100 pages

Get started with Photoshop brushes
How to load, adapt, create and use brushes in Photoshop.

Paint like Cézanne

Use the Smudge tool to create still life masterpieces.

Silkscreen effects

Use the Cutout filter to give your photos a silkscreen effect.

Create a stone texture
Use filters to turn a blank document into a realistic rocky texture.

Change colours in photos
Alter the hues of clothes without losing any vital shadow or highlight detail.

Create fireworks

Light up the sky of your night shots by adding some Photoshop fireworks.

Paint from scratch
Get a firm grip on controlling brushes and paint a great landscape to boot!




Tuesday, July 29, 2008

Introducing the Adobe AIR security model

My goal in this document is to provide a high-level overview of the AIR security model, and the rationale behind it.


Note: For more information about the set of security rules and controls in Adobe AIR that help safeguard users and application developers, refer to the Adobe AIR 1.0 Security white paper.


Adobe AIR and the desktop

Adobe AIR allows developers to use their existing web development skills in HTML, Ajax, Flash, and Flex to build and deploy desktop applications. Although these applications may be based upon web technologies, it is important to keep in mind that the end result is a desktop application, and as such the primary security model for AIR is that of a desktop application, rather than a web application.

A desktop application has certain characteristics. On the one hand, desktop applications generally have a lot more privileges than a similar web application, as they have been installed by the user to a specific desktop machine, implying a degree of trust that is greater than that of arbitrary web content. On the other hand, the privileges inherent in a desktop application require a greater degree of caution as certain coding practices and patterns that may be common in web applications may never be acceptable in a desktop application.

AIR sandboxes

AIR applications can be built using a combination of Flash and HTML/Ajax. AIR applications can also leverage PDF for document rendering, although an AIR application cannot be based upon a PDF file alone.

Regardless of whether an application is built primarily in Flash or HTML, all AIR applications have some characteristics in common. Within a given AIR application, there is a set of AIR specific APIs that are available to provide access to local system and network resources that would not be normally available in a web application contained in a browser. Each AIR application also contains a number of different sandboxes, depending on what type of content is being loaded, and for what purpose:

  • Application sandbox is the root of every AIR application. This sandbox permits access to the privileged AIR specific system APIs. In return for access to these powerful APIs, some common dangerous APIs and patterns are restricted. For example, dynamic importing of remote content is generally prohibited and dynamic code generation techniques are heavily restricted. Only content loaded directly from the application home directory (via the app:/ URI scheme) can be placed in the application sandbox.
  • Non-application sandbox contains all other content that is not loaded directly into the application sandbox. This includes local and remote content. Such content does not have direct access to AIR APIs and obeys the same rules that it would have to obey in the browser when loaded from the same location (for example, a local SWF file behaves the same way a local SWF file would in the browser, and HTML from a remote domain behaves like it would behave in the browser).

For more information on AIR sandboxes, refer to the Sandboxes section in Developing Adobe AIR Applications with HTML and Ajax.

Differences between desktop and web application security

There are a number of design and implementation patterns common to web applications that are too dangerous to be combined with the local system access inherent in the AIR application sandbox. In a desktop application, the user grants system access (albeit sometimes unknowingly) to the application by downloading and then installing and running the application. This in theory allows the user to inspect and approve the application before installing or running it for the first time.

This in return limits the ability of the application to extend itself by silently and dynamically installing additional components or running code loaded from a remote server. For example, a fundamental desktop practice is to inform the user when downloading and installing updates, plug-ins, or other extensions to an installed application. Even applications that appear to do this automatically give some notice to the user, as well as providing a configuration option to disable automatic updates. When apps attempt to bypass this user consent, they run the risk of being labeled a privacy threat, if not a security vulnerability, which is why runtime script importing of remote content has been disabled in the application sandbox.

Imagine a scenario where your desktop application automatically imports some script from your website every time it runs, perhaps to render today's stock charts or to provide the latest application functionality. In the event that your server is compromised, or if you do not perform that code loading very diligently (that is, sign the script with your certificate and subsequently verify the validity of the signature), then an attacker could take over every machine that runs your application simply by compromising the server hosting that one script. So the user deciding to install a given application does not automatically grant the right to that application to download and execute additional code without additional, explicit user consent.

Another concern lies with practices that, while they may not be intended to load external code or script, permit injection of remote script (commonly known as cross-site scripting or XSS) where the developer never intended. The eval() function in JavaScript is a common example of this. eval() is often used to generate code from templates combined with data potentially loaded from a remote domain. Unless the developer is extremely diligent in scrubbing loaded data for every possible form of code injection, then any such data containing malicious code could compromise the user's system if eval()'ed in the application sandbox. This is why using eval() and similar APIs to generate code at runtime in the application sandbox is prohibited.
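The difference between evaluating remote data and parsing it, as an added example that is not part of the original article. The quote-feed format and every name in it (parseFeedWithEval, parseFeedStrict, SYMBOL_RE, the sample feeds) are assumptions made for illustration; the "hostile" feed only sets a flag to show that code ran.

```javascript
// Added example, not code from the article. The feed format and all
// function and constant names here are hypothetical.

// Risky pattern described above: remote text is handed to eval() to build
// an object. Any expression embedded in `text` executes with the caller's
// privileges, which in the application sandbox means full AIR API access.
function parseFeedWithEval(text) {
  return eval("(" + text + ")");
}

// Assumed shape of a ticker symbol in this constructed feed.
const SYMBOL_RE = /^[A-Z]{1,5}$/;

// Data-only alternative: JSON.parse never executes code, and every field
// is validated before it is handed to the rest of the application.
function parseFeedStrict(text) {
  const data = JSON.parse(text); // throws SyntaxError on anything that is not JSON
  if (!Array.isArray(data)) {
    throw new TypeError("feed must be an array");
  }
  return data.map((row, i) => {
    if (row === null || typeof row !== "object" || Array.isArray(row)) {
      throw new TypeError("row " + i + " is not an object");
    }
    const { symbol, price } = row;
    if (typeof symbol !== "string" || !SYMBOL_RE.test(symbol)) {
      throw new TypeError("row " + i + " has an invalid symbol");
    }
    if (typeof price !== "number" || !Number.isFinite(price) || price < 0) {
      throw new TypeError("row " + i + " has an invalid price");
    }
    return { symbol, price }; // copy only the expected fields
  });
}

// Constructed sample responses.
const GOOD_FEED = '[{"symbol":"ADBE","price":41.5}]';
// Benign stand-in for injected script: it only records that code ran.
const HOSTILE_FEED =
  '[{"symbol":"ADBE","price":(globalThis.feedCodeRan = true, 41.5)}]';
```

With eval() the hostile feed yields a normal-looking price of 41.5 while its embedded expression has already run; the strict parser rejects the same text with a SyntaxError before anything executes.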

Finally, using any remote data in AIR specific APIs should be done with extreme care. For example, if a remote server can provide a file name and file contents for the application to download, it could write the file to a sensitive area of the file system, possibly resulting in installation of a malicious rootkit. This may seem farfetched, but it is a common mistake that is easily made, even when you believe you have exercised sufficient care. Suppose you have built an application that allows the user to browse and save photos from a remote server. At some point, your application would probably provide a function that looks something like this:

savePhoto(var filename, var content);

You may even take the extra step of ensuring that you provide a root directory—for example, C:\Photos—that you prepend to the file name variable. So imagine if the data provided by the remote server is something like this:

filename = "sailboat.jpg"
content =

Your code prepends C:\Photos, resulting in:

filename = "C:\Photos\sailboat.jpg"

Looks pretty good, right? But what happens if the remote server provides you instead with:

filename = "..\Windows\notepad.exe"
content =

When you prepend your root directory to the file name, you end up with:

filename = "C:\Photos\..\Windows\notepad.exe"

This will still overwrite the Notepad application in the Windows directory, and end up executing the rootkit the next time the user attempts to run Notepad. This is a simple example, but it illustrates how easy it can be to make such a mistake.
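The flawed prepend from the walkthrough above next to a containment check, as an added example that is not part of the original article. PHOTO_ROOT, naiveTarget, normalizeWindowsPath and safeTarget are hypothetical names, and the normalizer is a hand-written stand-in for the ".." resolution the file system performs when the path is opened.

```javascript
// Added example, not code from the article. All names are hypothetical.
const PHOTO_ROOT = "C:\\Photos";

// The approach from the text: prepend the root and trust the result.
function naiveTarget(filename) {
  return PHOTO_ROOT + "\\" + filename;
}

// Collapse "." and ".." segments of an absolute Windows path so the result
// names the location that will actually be written.
function normalizeWindowsPath(p) {
  const parts = p.replace(/\//g, "\\").split("\\");
  const drive = parts.shift(); // e.g. "C:"
  const out = [];
  for (const part of parts) {
    if (part === "" || part === ".") continue;
    if (part === "..") {
      out.pop(); // at the drive root this is a no-op
      continue;
    }
    out.push(part);
  }
  return drive + "\\" + out.join("\\");
}

// Hardened version: refuse names that cannot be plain relative names, then
// verify that the normalized target is still underneath the photo root.
function safeTarget(filename) {
  if (typeof filename !== "string" || filename.length === 0) {
    throw new Error("empty file name");
  }
  // A colon means a drive letter or an alternate data stream, a leading
  // separator means an absolute or UNC path, and NUL is never legitimate.
  if (/[:\0]/.test(filename) || /^[\\/]/.test(filename)) {
    throw new Error("not a relative file name: " + filename);
  }
  const resolved = normalizeWindowsPath(PHOTO_ROOT + "\\" + filename);
  // Compare against the root plus a trailing separator so that a sibling
  // such as C:\PhotosEvil does not pass a plain prefix test. Windows paths
  // are case-insensitive, so compare in lower case.
  const rootPrefix = normalizeWindowsPath(PHOTO_ROOT).toLowerCase() + "\\";
  if (!resolved.toLowerCase().startsWith(rootPrefix)) {
    throw new Error("path escapes photo root: " + filename);
  }
  return resolved;
}
```

The check runs on the normalized path rather than on the raw string, so a name that hides its ".." segments behind a harmless-looking subdirectory is rejected as well.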

For additional information, see the sections Best security practices for developers and Writing to disk in Developing AIR Applications with Adobe Flex 3.

HTML security considerations

The security model for the HTML application sandbox in AIR varies significantly from the sandbox available in the browser. The reason behind this is there are a number of design and implementation patterns common to HTML web applications that are too dangerous to be combined with the local system access inherent in the AIR application sandbox.

Patterns such as remote script importing and use of dynamic script generation via eval() and injection of code into innerHTML and outerHTML DOM elements—while already very dangerous—are very common in HTML applications. Their familiarity unfortunately does not make these practices acceptable in the application sandbox in AIR. As such, you will notice significant restrictions when trying to import script or generate code dynamically in the application sandbox. If you really need to implement such potentially risky runtime patterns, you will have to do so in a non-application sandbox (see below).

There are characteristics of the HTML security model that can be surprising. For example, the most granular security sandbox is an entire frame (whether frame, iframe, or window). This means that all code within a given frame is in the same sandbox and has exactly the same privileges, regardless of how it was loaded into that frame. As far as the browser (or AIR) is concerned, it can't really tell the difference between code that is originally part of the page versus code that is imported from outside the page versus code that is generated by an eval() function. This means that the only way to safely handle trustworthy and untrustworthy content is to separate them into different frames or sandboxes.

For more information, see the section HTML security in Developing Adobe AIR Applications with HTML and Ajax and the HTML security FAQ.

Interacting with different sandboxes

Due to the restrictions placed upon dynamic coding and script importing, the application sandbox is generally the safest sandbox to place your application code into as the risk from injection attacks is greatly diminished compared to the typical browser sandbox. However, there may be cases where developers still need to use these risky techniques in their applications—for example, when interacting with web services that only support JSON non-compliant JavaScript APIs.

The recommended technique in these cases is to create a non-application sandbox to perform the risky operations, and then interact with that sandbox via the SandboxBridge API. The SandboxBridge is a bi-directional serialization API designed to allow domains/sandboxes that otherwise cannot trust each other entirely to interact.

Application extensions such as plug-ins are best implemented via the SandboxBridge. After obtaining user consent, you can store the plug-in in a non-application location (such as app-storage:) and load it into a non-application sandbox. By exposing a well-defined plug-in API (much like the NPAPI does for most browser plug-ins), you can safely interact with your own plug-ins, or even third-party plug-ins developed for your application, without trying to import them into your application sandbox. In addition to being safer from a security standpoint, this type of well-defined plug-in API is a more stable solution, reducing the chances of plug-in breakage with subsequent updates to your application.

Note that the SandboxBridge is not fail-safe. Code in the application sandbox should not expose any APIs via the SandboxBridge that are not safe to be called by any arbitrary remote code. As such, you should not expose any system or sensitive application APIs directly via the SandboxBridge.

However, you could expose, for example, the eval() function from a non-application sandbox back into the application sandbox, as any code subsequently evaluated within the exposed eval() function will then be executed within the context of the non-application sandbox. This would not permit access to sensitive APIs or application data (unless you had already exposed those to that particular non-application sandbox). As general guidance, it is usually OK to expose functions and data from a non-application sandbox into the application sandbox, but potentially risky to expose functions and data from the application sandbox into a non-application sandbox. Thus, if you want to use a specific non-application sandbox for these risky practices, you should not use it for anything remotely trustworthy or provide it with any sensitive APIs or data.

For additional guidance regarding usage of the SandboxBridge, see the section Working securely with untrusted content in Developing Adobe AIR Applications with HTML and Ajax.
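The following sketch shows the bridge design described above: the application side exposes only narrow, argument-validating functions, and treats everything a plug-in hands back as untrusted data. It is an added example, not code from Adobe's documentation; plain objects stand in for the two frames so it runs outside AIR, and the preference keys, `importItems` and `samplePlugin` are hypothetical names.

```javascript
// Constructed stand-ins: in AIR the application page assigns the first object to
// iframe.contentWindow.parentSandboxBridge and the plug-in page assigns its own
// API to window.childSandboxBridge. Plain objects are used so this runs in Node.
const appState = { status: "", prefs: {} };            // application-sandbox data
const ALLOWED_PREFS = new Set(["theme", "fontSize"]);  // hypothetical keys

// Application sandbox -> plug-in: narrow operations that validate every argument.
// No file, network or other system API is reachable through this object.
const parentSandboxBridge = Object.freeze({
  setStatus(text) {
    if (typeof text !== "string" || text.length > 80) return false;
    appState.status = text;
    return true;
  },
  setPref(key, value) {
    if (typeof key !== "string" || !ALLOWED_PREFS.has(key)) return false;
    if (typeof value !== "string" || value.length > 32) return false;
    appState.prefs[key] = value;
    return true;
  },
});

// Plug-in -> application sandbox: whatever the plug-in returns is untrusted data.
function importItems(childBridge) {
  const raw = childBridge.listItems();
  if (!Array.isArray(raw)) return [];
  return raw
    .filter((it) => it !== null && typeof it === "object" &&
      typeof it.title === "string" && it.title.length <= 100 &&
      Number.isInteger(it.count) && it.count >= 0)
    .map((it) => ({ title: it.title, count: it.count })); // copy known fields only
}

// Constructed plug-in: calls the parent bridge with good and bad arguments and
// exposes a list containing one well-formed item and two malformed ones.
function samplePlugin(parent) {
  const results = [
    parent.setStatus("plug-in loaded"),
    parent.setPref("theme", "dark"),
    parent.setPref("installPath", "x"),                         // not on the allow-list
    parent.setPref("fontSize", { toString: () => "12" }),       // not a string
  ];
  const childSandboxBridge = {
    listItems: () => [{ title: "Inbox", count: 3, extra: "ignored" },
                      { title: 42, count: 1 }, { title: "Drafts", count: -1 }],
  };
  return { results, childSandboxBridge };
}
```
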

Installation of AIR applications

AIR applications are usually installed in one of two ways:

  • Via a web browser using a seamless install badge feature
  • By opening a .air application installer file after it has been copied to the local computer

These two scenarios always use the AIR application installation experience, which is largely the same for all applications. The only significant differences in experience are determined by whether your application has been signed by a commercial, recognized code-signing certificate or a free, self-signed certificate.

Both workflows involve the download of a .air file, which is really just an in-order ZIP file that can contain HTML, SWF, JavaScript and any other types of files. As such, most existing security tools should be able to inspect the .air file itself, or the files that are extracted during the installation process and at runtime.

For an example of the seamless install badge experience, see the AIR sample applications in the AIR Developer Center.

Signing of AIR applications

All AIR applications must be signed by a code-signing certificate. The only question is whether the certificate in question is what is commonly known as a self-signed certificate, which means that it is not recognized as being trustworthy by a typical user's machine (unless the user chooses to import that specific certificate into his or her certificate trust store), or a commercial code-signing certificate purchased from a major certification authority (CA).

The recommended approach is to use a commercially obtained code-signing certificate, as that will be recognized by the AIR installer on almost all user machines. This permits the name of the publisher to be recognized and provides a better installation experience for the user.

For detailed information regarding code signing for AIR applications, please see Developing AIR applications with Adobe Flex 3 in Adobe LiveDocs and also Todd Prekaski's article, Digitally signing Adobe AIR applications.

Conclusion

Being a desktop application runtime, the AIR security model is significantly different from the web browser security model. The application sandbox in AIR provides direct access to system APIs, but in return a number of APIs have been restricted or outright prohibited. Specifically, importing of non-application (that is, not loaded via app:/) content and dynamic generation of code within the application sandbox is heavily restricted.

In many cases, frameworks and existing code will work with little or no modification in the application sandbox. However, in some cases the developer will have to perform high-risk operations (such as importing of remote JavaScript) in a non-application sandbox, then carefully expose the resulting code and data back to the application sandbox via the SandboxBridge API.

However, the privileges inherent in a full desktop application mean the developer can sometimes find ways around these restrictions. The reality is that doing so will almost certainly introduce a large amount of security risk into the application and for the end users of the application. Thus Adobe strongly recommends that developers stay within the restrictions placed by the AIR security model, and carefully consider the cost of implementing rigorous security mitigations for bypassing them. In most cases the development cost of these mitigations will significantly exceed the cost of finding an alternative solution that stays within the bounds of the security model.


