16 | Chapter 1: Introduction to the Adobe Integrated Runtime (AIR)
Some web developers have also stretched the browser secu-
rity model by integrating data from multiple sources and/or
by experimenting with user interfaces that are inconsistent
with the browser chrome. Some of these applications require
browser plug-ins with capabilities that aren’t currently pro-
vided by the browsers. Others take advantage of browser fea-
tures like user notification or customized security
configurations to allow greater or lesser security to applica-
tions from specific domains. These mechanisms allow web
developers to build more powerful applications, but they also
are straining the browser security model.
Rather than trying to extend the web browser so that it can
act as both a browser and as a flexible application runtime,
Adobe AIR provides a flexible runtime for building applica-
tions using web technologies. Adobe AIR allows web devel-
opers to build applications that incorporate data from
multiple sources, provide users with control over where and
how their data is stored, and produce user experiences that
are not possible within the browser’s user interface. Because
Adobe AIR applications must be installed on the desktop and
require users to specifically trust the Adobe AIR application,
Adobe AIR applications can safely exercise these capabili-
ties. Browser-based applications cannot be granted these
capabilities if the browser is to continue to fulfill its role as
an application for safely browsing any web site on the
Internet.
The Adobe AIR security model has a number of implications
for application developers and users. For application devel-
opers, it means that content within an installed AIR applica-
tion has capabilities that should not be exposed to any
untrusted content, including files from the Web. The run-
time has a number of features that are designed to reinforce
that distinction and to help developers build applications
using security best practices.