Corrupted EncryptedLocalStore in Adobe AIR
Adobe AIR has a feature called EncryptedLocalStore, which is where apps can store potentially sensitive data that needs to be secure or safeguarded from other applications. Examples of things you might want to store there are user passwords, SSL connection data, or even something slightly more mundane such as e-mail addresses.
According to the Adobe AIR 1.5 JavaScript Language Reference, accessing an EncryptedLocalStore should only throw an error if you don't pass it an item name to look for:
var els = air.EncryptedLocalStore; // for convenience
var password = els.getItem('MyPassword'); // returns string (or null)
var blank = els.getItem(); // error
However, sometimes you may find that calls to EncryptedStore.getItem
or EncryptedLocalStore.setItem are failing, and catching
the error doesn't produce any useful information. In this case,
the application's EncryptedLocalStore may have become corrupted.
After installation, if you change the contents of any installed
files, that application's signature will have changed, and it will
no longer be able to access its EncryptedLocalStore.
This is actually a pretty handy security feature, especially since HTML AIR apps have their source code available in plain text after installation. This safeguards against users or other programs changing your code to get sensitive data from your EncryptedLocalStore.
I just wanted to mention this problem because it is not (yet) a thoroughly documented error situation. Reinstalling the application will fix the problem.
- share this post:
2 Comments
If other parts of your code rely on that test passing (not throwing an error), they might be "fooled" if someone edits that try/catch block.
Adobe has said that they are looking into securing source code in future versions of AIR, so perhaps it will come in 2.0?