Marco Casario | RIAvolutionize the web

Another very important and delicate aspect of desktop applications, but not only, is the one regarding data encryption.
Encryption is the process of transforming data by using an algorithm to make it unreadable to anyone except those possessing a key.
Adobe AIR has an EncryptedLocalStore class that allows to encrypt data to store it on the client’s machine. Adobe AIR EncryptedLocalStore APIs use DPAPI (Data Protection Application Programming Interface) on Windows and the Keychain on Mac.
DPAPI  is a relatively easy-to-use cryptography API available as a standard component in Microsoft Windows operating systems. Keychainis a password management system in Mac OS X. The default keychain file is the login keychain, decrypted on login by the user's login password  stored in ~/Library/Keychains/.
Both the encrypted local store uses AES-CBC 128-bit encryption.
Using the methods of the EncryptedLocalStore APIs you can save and get data, stored as byte array data, in an encrypted format that cannot be deciphered by other applications or users. In fact each AIR application uses a different encrypted local store for each user.

The encrypted local data store has an maximum supported total capacity of 10MB.
In order to write data in an encrypted format, we use the setitem() methos that accepts the following three parameters, which it uses to set the items with a given name to the provided byte array data:

name:  a String that contains the name of the item in the encrypted local data store.
data:  a ByteArray  that contains the data 
stronglyBound:  is a Boolean with a default value set to false. When the value is set to true it prevents the possibility of hijacking your application 
To write information in an encrypted mode we can use the following setitem() method:

var str:String = "myPassword";
var dataEncrypted:ByteArray = new ByteArray();
dataEncrypted.writeUTFBytes(str);
EncryptedLocalStore.setItem("password", dataEncrypted);

and to read the encrypted information we use the following getitem() method:

var passwordBytes:ByteArray = EncryptedLocalStore.getItem("password");
var password:String = dataEncrypted.readUTFBytes(dataEncrypted.length);

In the next article I'll show you how to create an ActionScript class to use the EncryptedLocalStore in AIR applications.

These days I'm working on the O'Reilly AIR Cookbook creating the examples for the chapter on the HTMLLoader class.
The HTMLLoader class has a powerful method that lets you to load html content from a simple html string. The method is part of the public methods of the HTMLLoader class: loadString().
It accepts a parameter that contains the html content to load within an istance of the HTMLLoader class.

With this simple code you'll load the htmlToLoad string into the HTMLLoader class. The _html istance will be rendered as HTML the content through the WebKit engine:

private var _html:HTMLLoader;
private var _htmlToLoad:String;

_html = new HTMLLoader();

_html.width = stage.stageWidth;
_html.height = stage.stageHeight;

_htmlToLoad:String =
'<html><body>' +
'<div id="content">Hello from JavaScript !</div>'+
'</body></html>    '

_html.loadString(_htmlToLoad);

The cool thing is that you can use this approach to write JavaScript objects, functions and properties as well as defining the HTML structure within an ActionScript class, and then access to the html DOM  via ActionScript code.

Consider these three  important considerations:
a) access to the DOM elements and JavaScript objects only after the page load event is dispatched. The page load event corresponds to the COMPLETE event dispatched by the HTMLLoader class. You can create an event listener for this event using the addEventListener() method:

_html.addEventListener(Event.COMPLETE, onComplete);

b) you can access to DOM elements using the window.document object and invoking the getElementById, and getElementsByTagNamer() methods. The window object represents the global JavaScript object for the content loaded into the HTML control.
c) you can edit and create the content of the html content using the innerText and innerHTML properties

In the next page I've created an example where an HTML content is created within an ActionScript class and then loaded into an HTMLLoader object. I've accessed using ActionScript to the HTML DOM to get the content within the DIV tag.

NOTE: Because of some formatting issues, this post was posted on my personal blog as well as Comtaste's blog. Sorry for that :)

These days I'm working on the <a
href="http://www.amazon.com/Adobe-AIR-Cookbook-Application-Developers/dp/0596522509">O'Reilly AIR Cookbook</a> creating the examples for the chapter on the HTMLLoader class.
The HTMLLoader class has a powerful method that lets you to load html content from a simple html string. The method is part of the public methods of the HTMLLoader class: loadString().
It accepts a parameter that contains the html content to load within an istance of the HTMLLoader class:

private var _html:HTMLLoader;
private var _htmlToLoad:String;

_html = new HTMLLoader();
htmlToLoad =
'<html>' +
'<body>' +
'<div id="content">Hello from JavaScript !</div>'+
'</body></html>';

_html.width = stage.stageWidth;
_html.height = stage.stageHeight;
_html.loadString(htmlToLoad);

With this simple code you'll load the htmlToLoad string into the HTMLLoader class. The _html istance will render as HTML the content through the WebKit engine.
The cool thing is that you can use this approach to write JavaScript objects, functions and properties as well as defining the HTML structure within an ActionScript class, and then access to the html DOM  via ActionScript code.

In the next page I've created an example where an HTML content is created within an ActionScript class and then loaded into an HTMLLoader object. I've accessed using ActionScript to the HTML DOM to get the content within the DIV tag.

Consider these three  important considerations:
a) access to the DOM elements and JavaScript objects only after the page load event is dispatched. The page load event corresponds to the COMPLETE event dispatched by the HTMLLoader class. You can create an event listener for this event using the addEventListener() method:

_html.addEventListener(Event.COMPLETE, onComplete);

b) you can access to DOM elements using the window.document object and invoking the getElementById, and getElementsByTagNamer() methods. The window object represents the global JavaScript object for the content loaded into the HTML control.
c) you can edit and create the content of the html content using the innerText and innerHTML properties

Because of some formatting issues I had on our company's blog, to speed it up I've duplicated this post on both blogs (personal and company). Sorry for that :)
You can see the complete ActionScript 3 class on my personal  blog (next page).

The AIR Cookbook was on Amazon last week and now the project was officially announced by Adobe.  I'm pretty excited for this book because, first of all, it is my first book for O'Reilly and then we got a great group of authors: David Tucker, Rich Tretola, and Koen De Weggheleire as well as myself.
Today Adobe has launched the AIR Cookbook site. Like the Flex Cookbook you can use the AIR cookbook to share knowledge and find answers to common coding problems.
If you're new to the AIR cookbook and would like to contribute:

1. Read the FAQ and note the community and editorial guidelines and known issues.
2. Search the cookbook to avoid posting redundant recipes.

3. Post your solution to the cookbook:

   • Choose a succinct, descriptive title for the problem.
   • Provide a brief summary statement of the solution.
   • Write a detailed description of the solution.
   • Include downloadable samples (optional).

Needed Entries

If you have a solution related to the following or any other topic related to building on AIR:

• Bridging content from different security sandboxes
• Using transactions with queries
• Including a database in an AIR application
• Consuming eBay Web Services
• Reading and writing data from a file
• Making creative use of the Service Monitor Framework

—be sure to post it to the AIR cookbook for a chance to have your solution appear in the upcoming Adobe AIR Cookbook written and compiled by David Tucker, Marco Casario, Rich Tretola, and Koen De Weggheleire to be published by O’Reilly Media. All posts will receive equal consideration.

Pre-Order the Book

If you really, really, want to get your copy ordered early - Amazon already has the book listed (but remember - the book will be out late this year).

AIR Cookbook

Adobe has created a new section on the Adobe AIR support page oriented to IT administrators.
On this page you'll find the  "Adobe           AIR Administrators Guide" (PDF) that provides details on how to deploy Adobe           AIR in enterprises and tuning of other runtime settings, and other reference documentations for the enterprise scenarios.

I've just finished working on the Advanced AIR Applications book for  FriendsOfED, that a new book project started. I'm now involved in writing the O'Reilly AIR Cookbook, accepting the invitation made by David Tucker. The other authors are talented Flex and AIR developers with a lot of writing experiences: Rich Tretola, Koen De Weggheleire and David Tucker.

This is my first book for O'Reilly and I'm glad to work with you guys !

These days here in Comtaste, I'm very busy for a consulting activity to support a project for an Adobe's Italy partner (I'm under NDA so I can't do names), working on a enterprise desktop AIR application (that uses Java, Oracle Form and Hibernate). The project is a porting of an ActionScript 3/J2EE web application, so what we're doing is to write ActionScript 3 classes to add AIR desktop functionalities.

A sad note. This project is the reason why I won't be able to come to the onAIR tour in Milan :( damn !

We're spending a lot of time defining the state of the application when it goes offline. In fact the AIR project will work in online as well as offline mode (it's what Adbe calls Occasionally Connected Application).
The application must provide most of the functionalities when it's on offline status: reading and writing data, loading assets, saving data etc.
Actually AIR comes with a lot of APIs to reach these goals: the service monitor framework, the SQLite support, the I/O classes and more.

What we're developing is a series of ActionScript 3 classes to synch a database from local to remote using SQLite (local) and Oracle (remote) and a system that checks and monitors the network connectivity to cache external assets from the web server to the local client.

I can't post the code we're working on, but I want to share some simple and effective tips for caching assets when the AIR application goes offline.
The AIR SDK provides the service monitor framework APIs that consti of the ServiceMonitor class plus two subclasses: URLMonitor and SocketMonitor.
The service monitor framework is not included in the standard AIR SDK so if you're using Flash or AJAX you have to import the libraries into your package. If you are using Flex Builder 3 the IDE will embed the framework automatically.
You can read a lot about this framework on the AIR documentation.
The service monitor framework allows developers to test and monitor HTTP based service using the URLMonitor subclass. The usage is pretty simple. You specify two parameters in the constructor of the class: the URLRequest object and the
Invoking the start() method of the URLMonitor class a listener will be created and will check and monitor the URL specified for the netire life of the application. If the status of the netwrok connectivity will change,  the STATUS event will be raised.

So we can use this event accord ???? to get the status of the connection through the available property of the URLMonitor class.

import air.net.URLMonitor;

import flash.events.StatusEvent;
import flash.net.URLRequest;

monitor = new URLMonitor(urlRequest);

monitor.start();

monitor.addEventListener( StatusEvent.STATUS, onStatusEvent );

private function onStatusEvent( event:StatusEvent ) : void
{      

if (monitor.available)
{

// You're connected
// Load your assets from your remote server

} else
{

// You're not connected
// Open the assets locally
// Change the state of the application to offline status

}

}

Once we get the status of our connection and getting notified by any network connectivity change, we can write the methods to save and read the assets locally.