1 Reply Latest reply on Jul 6, 2008 4:41 PM by JBOY_PLUS

    RE: Best security practices for developers

    xwisdom Level 1

      Was just reading this article from the developers center:

      Risk from a downgrade attack

      My question is: Shouldn't the AIR application updater check to make sure that an application cannot be upgraded or downgrade unless the certificates match? That way a hacker could not generate the same app with the same certificate.

        • 1. Re: RE: Best security practices for developers
          Hey man,

          The certificate makes sure that only u with the same certificate can publish your application. What they are talking about is that you should still make sure that you application checks for updates, so an older version not is 'left alone' in case i turns out to have security leaks, that makes data insecure. The 'hackers' can not ( that I have found yet ) recreate your application, but they can destribute an old version of your application, witch could be harmfull if it didn't have an update system buildt into it.