HTML5 - securing intellectual property

Hi,
Currently, when I publish a Captivate project, the content and how we created it are hidden from view (unless someone decompiles it).
With HTML5, my understanding is that everything is in plain text and there is no way of doing DRM or hiding content.
http://en.wikipedia.org/wiki/Comparison_of_HTML5_and_Flash
Is this right?
Is this really an issue?
regards Renovator

Thank you, Rod.
So it's a big worry then, because we like to support widget developers and protect our own stuff, and HTML5 makes this harder.
On the other hand, HTML5 means that it would be easier to debug some Captivate issues.
I found this discussion on stack exchange
http://gamedev.stackexchange.com/questions/32435/html5-game-obfuscation
The options were
- hide code on the server
- accept that things will get stolen and concentrate on making them better
- embrace open source
- use copyright notices
- obfuscate variables at the expense of making bug tracking harder
- use native code objects
- leave some code on the server - I know this means the user has to be connected
There is also some talk that Google, MS etc. may get together to do DRM.
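
The "hide code on the server" and "leave some code on the server" options from the list above, as an added example that is not part of the original posts: the answer key and scoring rules stay server-side, and the browser only ever receives question text and a result. The quiz data, the route names and the `handleRequest` function are hypothetical; the handler takes plain values so it can sit behind any HTTP server.

```javascript
// Added illustration, not code from the thread. All names and data are hypothetical.

// Server-only data: the answer key, weights and pass mark never leave this module.
const QUIZ = {
  id: "safety-101",
  questions: [
    { id: "q1", text: "Which extinguisher is used on electrical fires?",
      choices: ["Water", "CO2", "Foam"], answer: 1, weight: 2 },
    { id: "q2", text: "How often must the alarm be tested?",
      choices: ["Weekly", "Yearly"], answer: 0, weight: 1 },
  ],
  passMark: 0.6,
};

// What the HTML5 client is allowed to download: question text and choices only.
function publicQuiz(quiz) {
  return {
    id: quiz.id,
    questions: quiz.questions.map(({ id, text, choices }) => ({ id, text, choices })),
  };
}

// Scoring runs on the server. The submission is untrusted, so it is validated first.
function grade(quiz, answers) {
  if (answers === null || typeof answers !== "object" || Array.isArray(answers)) {
    return { ok: false, error: "answers must be an object" };
  }
  let earned = 0;
  let total = 0;
  for (const q of quiz.questions) {
    total += q.weight;
    const given = answers[q.id];
    // Anything that is not a valid choice index simply earns nothing.
    if (Number.isInteger(given) && given >= 0 && given < q.choices.length &&
        given === q.answer) {
      earned += q.weight;
    }
  }
  const score = earned / total;
  // Only the outcome goes back; which items were wrong is not disclosed.
  return { ok: true, score, passed: score >= quiz.passMark };
}

// Transport-agnostic request handler: (method, path, raw body) -> { status, body }.
function handleRequest(method, path, bodyText) {
  if (method === "GET" && path === "/quiz") {
    return { status: 200, body: JSON.stringify(publicQuiz(QUIZ)) };
  }
  if (method === "POST" && path === "/quiz/grade") {
    let answers;
    try {
      answers = JSON.parse(bodyText);
    } catch (e) {
      return { status: 400, body: JSON.stringify({ error: "invalid JSON" }) };
    }
    const result = grade(QUIZ, answers);
    if (!result.ok) {
      return { status: 400, body: JSON.stringify({ error: result.error }) };
    }
    return { status: 200,
             body: JSON.stringify({ score: result.score, passed: result.passed }) };
  }
  return { status: 404, body: JSON.stringify({ error: "not found" }) };
}
```

The trade-off is the one noted in the list: grading only works while the learner is connected, and whatever is still shipped to the browser (question text, layout, client-side scripts) remains readable.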

Similar Messages

  • OneNote and Corporate Intellectual Property Security - How?

    I am trying to understand how OneNote can be used in a Corporate environment, and maintain some control over intellectual property. As I understand it, OneNote syncs to SkyDrive, which is a PERSONAL Live account. That means even if the IT Department creates a SkyDrive account for that user, the user could then easily move corporate intellectual property to the account (which OneNote is designed to do and very adept at doing), and then change the password. The IT Department would have no way of knowing what was uploaded, and the data could reside in someone's personal OneNote account for years.
    If there was a way of setting up a corporate SkyDrive account in which the users were managed (password changes locked, and content could be reviewed), I think I would feel more comfortable with OneNote. Right now I don't see a way to do that, and one Microsoft document says that is not possible.
    If someone has a solution, please let me know.
    Michael

    The company does have policies for IP, but the threat with cloud servers is increasing the risk of moving large amounts of data offsite. If you put a program in front of an employee which invites cloud server use, you are inviting misuse of data.
    The company would like to try out OneNote, but this product is obviously not designed for the Enterprise. I say that, because there is no easy way to disable web access in it. I want it off the menus. As someone else mentioned, "Out of sight, out of mind." There are supposedly a couple of keys you can change which will turn off web integration, but I'll be darned if I can find them.
    Here are the ones suggested.
    HKEY_CURRENT_USER\Software\Microsoft\Office\Common\WebIntegration\WebIntegrationEnabled=0
    HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\Common\WebIntegration\WebIntegrationEnabled
    HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\14.0\OneNote\WebServiceProvider\DisableSkydriveSetupOnFirstBoot=1
    People have also mentioned using the Group Policy Management Console, but the company has many remote offices, so there is no central domain controller.
    Right now all I can do is block it at the firewall, which is not a great solution.
    Michael

  • Flash Intellectual Property Protection

    Hi,
    I wanted to find out how my intellectual property, such as graphic designs, photos, tween designs, etc. can be protected in a .swf Flash file.
    This is because there are .swf file decompilers which can very easily convert my files into .fla, and so access can be gained to my JPEG designs, photos, etc.
    Is there a best practice which can be followed whereby some form of security measures can be taken within Flash code, etc.? And if so, does anyone know what these measures are?
    Also is there a way to then monitor and search for my design materials online such as through google?
    Thanks
    Dan

    Once it's on the web - and mainly relies on your files being downloaded to the client/user machine - they've got your stuff ;-) They can take images and use them, take a SWF and decompile and harvest your code, etc. But this has been stuff people have been able to do for decades... since the invention of the web, really, so it's not a new issue. Now, is it ethical to do so, is another issue.
    I'm not up to date on how to prevent a SWF file from being decompiled (if there even is a 100% secure way)... But somebody would have to be really ambitious to go after YOUR product... and for what purpose? I think it's a good conversation, one that deserves some info.
    As for audio/video/images, this has a tried-n-true mechanism: copyright law. Search for it, learn about how the material/art you create is automatically copyrighted. But also learn that you can't take somebody to court for infringement unless you took further steps.
    This issue, in kind of a fortunate way, has nothing to do with Flash - it's about code & content in general. That means there is a wealth of free info out there, you just have to search for it. Within an hour period of searching in Google, you'd be well versed and quite knowledgeable. Go forth ;-)

  • SWF Decompilers & intellectual property

    Hi.
    I just learned that there exist many SWF decompilers that can take a SWF file and create from it the FLA file, as it was before compilation, with ActionScript libraries and everything. Till now, I was thinking that my intellectual property was hidden in the compiled SWF file that no one could exploit for his benefit. Now I learn that when I publish a .swf file, anyone can retrieve from it the .FLA file and all ActionScript / libraries that I have used to create it, even if I have locked my .fla file with a password (using the 'protect from import' option).
    The funny thing is that some decompilers even create the comments I have in the ActionScript! (are those compiled too in the .swf file???)... Also the decompilers produced my personal libraries' code as is from the .swf file!!!...
    I am curious... Aren't those SWF decompilers illegal, as they provide the opportunity to anyone to re-use foreign intellectual property for his own?... Shouldn't they be locked at least to decompile only projects where with a password you verify to them that you are the owner of the .swf file, and not a code-thief?....
    I have already tested a few "google-popular" swf-secure software, and they CAN'T create playable .swf files in big projects (such as a full-Flash complicated web-site).. Thus actually there is no protection against SWF decompilers and intellectual property stealing...
    Your opinion on the subject?....

    There is no such thing as encrypted computation; it doesn't exist, nor will it ever. Any file on any platform in existence that contains "instructions" for a computer to read is exposed. It doesn't matter whether it's plain old source code or CPU op-codes... instructions are instructions.
    Although it's more difficult for a human to make sense of a huge list of op-codes than it is to make sense of source code, the instructions are still there, plain as day, and they have to be so the computer can read them and run them. Decompilers just take a list of op-codes (or ActionScript Byte Code in this instance) and perform some pattern recognition on them to make sense of them, turning them into source code. They are not illegal (no program can be illegal; that would be moronic), because they are performing a creative/interpretive act. It's like if you wrote "3.14159265..." in a file, and the decompiler is like "Oh, that's just PI". So all it's doing is taking a bunch of op-codes that you published on the public internet and it's recognizing that a particular pattern is equivalent to an "if" statement or a method call, etc., and then it's formatting it to ActionScript syntax or whatever language it chooses.
    Intellectual property is a joke, and by hiding information and processes, all you do is set humanity back a step, and inadvertently shoot yourself in the foot by not allowing others to use what you've created and improve upon it so there is ever better stuff for you to use and improve upon. This pretty much sums it up:
    "The problem with the analogy (of some girl having her exercise video distributed online for free) is that you are making false assumptions concerning morality.
    The first false assumption is that because you spent a lot of time or money on something you have to right to profit from it. Ergo, if someone else takes any action that cuts into your profit margin, said action constitutes "theft".
    Secondly, you are assuming that someone can "own" an idea. Imagine what a hindrance on progress it would have been if Sir Isaac Newton could have acquired a copyright for his ideas (Calculus, among others) and charged royalties for anyone wanting to utilize them.
    To put these two false assumptions into perspective, imagine that child A wants to earn some summer cash and comes up with a business plan to do so. He decides to invest some of his money (as well as time) learning magic tricks with the intention of putting on neighborhood magic shows and charging a modest admittance fee, thereby earning a profit. After buying several books on magic tricks he becomes proficient enough to begin putting on magic shows, even coming up with several of his own unique tricks. After the first show he begins to recoup his initial investment. However, child B cleverly figures out how to perform all of child A's tricks (even the ones child A came up with himself). Child B loves illusions and decides to put on a nearly-identical magic show of his own. However, child B is not motivated by the prospect of earning money and allows free admittance to his shows. This action puts child A out of business before he was even able to recoup his initial investment (to say nothing of the time he spent).
    Child B is not in the wrong for taking action that eliminated child A's prospects of earning a profit as no one has the "right" to earn profits in the first place. If you have an idea that is economically viable you might earn a profit, but you never have the right to earn a profit. Furthermore, Child B did not "steal" child A's tricks because no one can own an idea. By not telling anyone you can possibly keep an idea to yourself, but never can you own it. Did Daniel Bernoulli own Bernoulli's Principle? Did David Hughes own the radio? Did Einstein own the theory of relativity? Would we owe royalties to their families for building an airplane, or using wireless communication or nuclear energy? Certainly not. Such a system would absolutely stifle progress. Civilization, as we know it, is possible because of building off of the ideas of others. As such, theft can only apply to tangible objects and not to concepts or profits. The problem with stealing is not that someone gains something, but rather that someone loses something."

  • We're Hiring! - Intellectual Property Analyst

    Please see the posting below. If you are interested in the position, please get in touch with us at janet at eclipse.org. Thanks!
    Job Description
    Description: Reporting to the Director of Intellectual Property, Legal Counsel and Secretary of the Foundation, the incumbent will be responsible for performing due diligence on inbound software contributions and maintaining well-documented records of the provenance of all source code in the Eclipse projects.
    Duties:
    This position requires managing multiple software reviews at any given time. These reviews will have both a "heads down" review component as well as a high level of interaction with software developers from both within and outside the Eclipse community. The review component will require focus and an analytical and research perspective. In performing the research on any given package, it is likely that you will be interacting quite heavily in writing with software developers from around the globe.
    Desired Skills & Experience:*
    A) Required:
    - Excellent time-management skills and multi-tasking ability; able to effectively manage competing priorities in a fast paced environment
    - Strong interpersonal and communication skills;
    - Client focused
    - Strong attention to detail;
    - Demonstrates sound judgment by taking appropriate actions;
    - Dependable and responsible; willing to take initiative in the workplace;
    - Team player
    - Very comfortable with email, instant messenger, and more generally a computing environment.
    - Strong keyboarding skills;
    B) Preferred: *
    - Demonstrable hands-on experience with copyright law and software licensing.
    - Experience with open source licensing issues.
    - Background in software development with knowledge of how software is built, managed and distributed.
    - Experience with open source software development.
    - Knowledge or a willingness to learn HTML
    - Experience with process and project management
    * We really need (A). While preference will be given to candidates with (B) skills, those who don't have those skills but a demonstrated inclination and ability to dig in and learn (with our help of course) will also be considered. If you think you fit that bill, we would love to hear from you.

    This position has now been filled.

  • Creative: Defending intellectual property from their own stupidi

    Creative was right in defending their intellectual property; the only ones who can't see that are little kids.
    Here's a question though: if you have to go defend your intellectual property from people adding what you said was supposed to be there originally, what does that do for you?
    Not only that, but doesn't that make you legally liable as well?
    If Vista is so hard to program for, as a lot have said, then how come some random dude can make software work in a matter of months while a group of developers can't in YEARS?!
    Creative, you're defending your intellectual property from your own stupidity. You brought this on yourself.
    What's even sadder is how this is turning out.
    I love Creative products. But this reminds me of the Commodore 64.
    The makers of Commodore had made the awesome Commodore 64. Then they came out with the Amiga, far ahead of its time. But it and the company died due to bad marketing.
    It doesn't matter how good your product is, it matters how people like it.
    This day makes me sad. I'm not gonna take a piss on Creative like a lot of the spammers are doing. But Creative has dug their own grave.
    Message Edited by GodofDestructon on 04-0-2008 05:06 AM


  • Protecting intellectual property

    I was hoping to get some insight from all of you on how you protect your software from being stolen if you are using Java.
    I know that .class files can be reverse engineered very easily. I know someone is bound to tell me that you can reverse engineer .exe files as well... but the difference in ability needed is not even comparable. When I looked at this concern a couple of years ago, the only thing we could do was use an obfuscator. The most widely used obfuscators have reverse obfuscators now. The other option now available is programs like Excelsior JET that will compile the code to an .exe. I know this renders the ability of Java to be "write once, use anywhere" useless... but I know the platform it will be used on.
    My question is pretty simple. I have a Swing stand-alone application that I would like to release, but I want to protect the code as best as I can. I know I am not the only person to have this question. So what do you guys use to protect your intellectual property? Is there something in Java besides the two methods I mentioned above that will work to protect my code? Is there another alternative besides Excelsior JET?

    You mention staying a step ahead of the crackers.
    That was the crux of the question: How do you stay a
    step ahead of the crackers?
    I realize it is futile to try and stop reverse
    engineering completely. However, leaving it as class
    files takes absolutely no skill to reverse engineer
    the files. I would at least like to stop some people
    from getting the source.
    I think a lot of it comes down to pragmatism.
    What's your goal? Is it to make sure that not even one cracker can possibly ever get even one single illegal copy of your code? No, probably not. That's not a reasonable goal.
    Is your goal to provide some reasonable level of protection against loss of revenue or theft of intellectual property? I assume it's something along those lines.
    If a cracker or two or ten uses your idea and claims it as their own, it sucks, but, oh well.
    If they make a little money from it, it sucks, but oh well.
    The world's not perfect. Accept it and move on.
    If they make a bunch of money from it and/or get published somewhere with the claim that it's their own work, then it's worth some attention.
    In this case, you use the law. If you've done the due diligence to document and maybe even register this as your work before releasing it, then you have solid legal grounds on which to argue, should it come to that.
    But to back up a step, and throw that pragmatism in there again: There's a shitload of software available online. Honestly, what's the probability that yours is so good and so unique that you're going to find yourself in the above "worst case" situation? Note: I don't mean that in an insulting sense at all. just an attempt to inject a little reality.

  • How do I protect intellectual property in my PDF?

    Situation: I have several (qty 50-100) PDF documents that get released to customers as part of their final product.  I need to protect these documents, and prevent others from copying and/or uploading PDFs into CAD programs.
    One way is to save it as a TIFF, then re-save it back to a PDF.  This results in a rasterized (not vector) PDF, and makes it nearly impossible to upload into CAD.  However, I need a way to do 50-100 at a time, and ideally to reduce this to a single step.
    The other way, I am told, is to encrypt and apply security when saving. So far I have not been able to get this to work successfully, and again, I will have an issue with being able to do large qtys at once.
    I am sure that other firms must have these same issues.  I have not found a solution through the forums, Google, or Adobe.
    Please Help!

    Hi George,
    I am not concerned about the text as much as the design.  It is possible (though maybe not kosher) to take a vector-based PDF and copy it into a CAD program, therefore stealing our engineers' designs and effort.  I don't know exactly how this is done, as I am not an engineer, but it is possible.
    It is much harder, if not impossible, to do this when the PDFs are rasterized.
    For example, create something in Illustrator, and save it as a PDF.  You can open it back in Illustrator and change it, you can zoom in on the PDF and everything is very clear.  Take that PDF and save it as a TIFF, then take that TIFF and save it back as a PDF.
    The final file is pixelated if you zoom in, and you are unable to open it and change it as a vector.  Does that make sense?
    We want to present our customer with PDF files as the final, and again, the large qty is a major issue.
    Regarding your response, how do I apply security with a batch sequence?  Will this achieve the result I am looking for?

  • Intellectual Property Management - Business Functions for SAP Customer Relationship Management - SAP Library


    Hi,
    It is a CRM Addon: Desktop Connection for SAP CRM – SAP Help Portal Page
    Best Regards,
    Sigrid

  • How do I report stolen intellectual property being sold on the app store? (ie. someone stole my friend's code)

    Someone has stolen my friend's app wholesale (code, graphics, even the name) and is now selling it on the iTunes store, along with the android store.
    I also think the same 'developer' may have done this to other people and would like to flag it to apple as I don't think they would be happy if small developers are being ripped off like this.
    My friend has full development notes, etc. The info he stored online was broken into one day, and registered with both the Android and Apple stores a few days later. Is there anything I can do about this?
    Any help is very much appreciated!

    Email:
    <www.apple.com/itunes/go/itunesconnect/contactus>
    iTunes Connect Support <[email protected]>
    [email protected]
    Contact [email protected] to investigate signup issues.
    iPhone Developer Program/Review Team <[email protected]>
    https://developer.apple.com/appstore/resources/approval/contact.html
    Apple Developer Relations:
    (800) 633 2152
    (408) 974 4897
    App Review Board:
    https://developer.apple.com/appstore/resources/approval/contact.html
    Developer Technical Support (\) Requests:
    http://developer.apple.com/support/resources/technical-support.html
    To request player scores be removed due to abuse or cheating, contact
    <[email protected]>.

  • Flex 4 protecting intellectual property

    I am building kind of a CMS which is a normal Flex 4 project. Let's say I have 1 application and 2 modules: the website itself and the control panel. The website itself module will be presented to the end users as a template which they can modify. But the control panel module will be compiled in SWF and then deleted from the project so no source will be available. The project will still load that module and use it as the system requires it.
    So I have a few questions regarding this:
    1) is it possible to hack the exported SWF module and retrieve the source files from it?
    2) is it possible to protect it from that?
    3) should I set licenses on every source code I have?
    4) I use module for the control panel since there are less restrictions, but would setting the control panel in a separate application and load it as trusted or not trusted application work for me better in this case?
    I would be very happy if someone with experience or adobe employee could take a few minutes to guide me a bit of what should I do. Thanks a lot in advance!

    check out this post -
    http://www.nitrolm.com/blog/2009/06/23/how-to-hack-an-air-app-swf/
    It is always possible to "unofficially" decompile an SWF file. I believe this company nitrolm also sells an SWF obfuscation solution but I haven't checked it out yet.

  • Do we have the option to unwrap the code(PL/SQL)

    Hi All,
    Do we have any option to unwrap the wrapped PL/SQL code?
    Regards
    Bond.

    user2481227 wrote:
    I thought the main purpose of wrapping code was to "secure intellectual property written in pl/sql". And in my opinion there should be a way to do that.
    That is a true statement, but your definition of "secure" may differ from others.
    If you deliver intellectual property to a customer that gets installed on a customer's servers, there is realistically no (technical) way to prevent the customer from reverse-engineering the code. Every language can be decompiled-- if the operating system or the database or some other piece of software can run the code, some other piece of software must necessarily be able to translate it back into source code. Doesn't matter whether it is C, PL/SQL, Java, or anything else-- you're always going to be able to decompile the code. Wrapping the code creates additional hoops that the customer has to jump through in order to view the source, which acts as a barrier against casual snooping, but a moderately determined person will always be able to get back to your source (or at least something functionally identical to your source).
    That said, how useful is code without comments going to be (and what version of Oracle are we talking about, since the wrap utility's algorithm was substantially strengthened in 10g)? If you really have intellectual property worth protecting, it probably isn't going to be hugely beneficial to someone to see tens of thousands of lines of code without comments. 9 times out of 10, in my experience primarily working for clients that purchase large, specialized applications, code obfuscation ends up annoying good customers (i.e. those that want to play by the rules) by making it harder to interoperate with the product they've purchased while providing little barrier to moderately determined hackers, so you may want to reconsider the requirement.
    If you're really concerned about protecting the code, one alternative option might be to play around with native compilation. I haven't looked, but I strongly suspect that variable names at least are going to be changed when Oracle generates the C code or the C compiler compiles it. Of course, there are plenty of C decompilers floating around, but then you'd be in basically the same situation that you'd be if you shipped an executable to the client.
    Justin

  • I cannot download software or export secure Certificate from Firefox, but can with Internet Explorer. This is crucial for meeting a deadline with an international patent Filing Today. Pls help - 555-555-5555. Sheldon

    I tried to download an e-filing client software from the World Intellectual Property Organization (WIPO) website [http://www.wipo.int/pct-safe/en/download/download_client.htm] using Firefox. Clicking the link to download yielded no activity. I eventually tried the same link in internet explorer and it worked. This occurred last week. I have a deadline to complete an international patent filing today; and in order to do so online, I had to request a Secure Digital ID from WIPO. It was approved and received early this morning (Central European Time Zone); and the accompanying guidelines suggested that I use the same computer and browser to retrieve the ID. This meant that since I use Firefox as my default browser my request was also made and had to be retrieved in Firefox. Following the WIPO support instructions I ran into exactly the same problem of inactivity when trying to "Backup" my newly installed ID certificate per WIPO instruction, so that it may be imported into the e-filing software. Please help as soon as you can as my patent deadline is merely hours away. Please also see a response from the WIPO helpdesk below:
    Dear User,
    we hereby provide the following solution / answer to your request:
    Subject: Certificates (use of and different types)/26708 Answer from PCT-SAFE Help Desk:
    Unfortunately, apart from revoking your new certificate and then re-enrolling using Internet Explorer, I do not see many options.
    We cannot do support for external software, like Firefox, but I had a quick glance at Mozilla's support side and it seems that you might be able to resolve your problem by starting Firefox in safe mode, and/or disabling all your Firefox extensions. I have to stress the fact that this is not a procedure tested and approved by the PCT-SAFE team.
    As this is an extremely time-sensitive issue please also contact me by phone so that we can work through the solution in real-time. I can be reached at 555-555-555 - Sheldon
    '''Moderator edit: Removed personal information. This is a public forum. Please do not post any personal information as it may put your safety at risk -FF4L'''
    == This happened ==
    Every time Firefox opened
    == Attempting to download from a secure server

    Just to follow up on my findings. My last issue regarding the digital certificate was not at the time of initial download into Firefox, but my application required that I backup the certificate into a folder which can then be accessed to sign a submission generated by a third-party Client software.
    After finally steering away from the digital signing route by opting for a non digital filing of my project, I later revisited the Firefox certificates list only to find that the 'Backup' button still didn't work or respond in any way whatsoever; however since I only had a single certificate on my list... I threw my hand up in the air and tried the 'Backup All' button... guess what - that worked!! My browser then navigated to a file browser which allowed me to save the certificate to a folder of my choice. Of course this was after the fact as my deadline had already passed and I had the Administrator who initially granted my secure ID revoke it once I was blocked from downloading it by Firefox.
    Just an update/FYI for y'all... But I'm not sure if this type of anomaly is due to a glitch on my computer or a glitch on the browser - but it certainly did catch me off-guard during a deadline.

  • PDF Security... yet another inquiry

    I'm not so much concerned with the content of the form I'm creating but with the underlying javascript used in creating the dynamic functionality of this product.
    I've been researching security of PDF's, and I'm a bit worried. PDF Locker, Elcomsoft PDF Recovery Software, code obfuscators.... the list of possibilities goes on and on.
    It seems that my intellectual property is certainly going to be easy-pickin's for anyone with a modicum of software knowledge and more than passive curiosity.
    It also seems that top level security of a PDF document is easily broken. But what about the next level, the PDF infrastructure? Is that secure?
    Graham
    PS. Please don't sugar coat it... if it's relatively easy to access, I'd like to know.

    There are three ways to encrypt (secure) PDF documents and forms. Here is a high-level view of the differences...
    1) Password-based encryption (requires Acrobat, OR Designer, OR LiveCycle ES to be applied to the document)
       - Not very secure; there are tools available on the internet that can crack password encryption
       - "Global" permissions; there is no way to assign different permissions to different users
    2) Encrypt with Certificates (requires Acrobat, OR LiveCycle ES to be applied to the document)
       - Encrypt for individual users
       - No support for "Groups"
       - Access to each user's public key that you will be encrypting the document for is required
       - Protection is not dynamic
       - If permission changes are required the source must be re-encrypted
       - No way to revoke documents
       - Need a PKI, or some source of Digital Certificates
       - Certificates must have "Encryption" Key Usage
    3) LiveCycle Rights Management ES (requires Acrobat, AND LiveCycle Rights Management ES to be applied to the document)
       - Encrypt for individual users and/or Groups
       - Protection is dynamic (controlled from server)
       - If permission changes are required the source need not be re-encrypted; the changes can be made to the policy on the server
       - Protected documents can be revoked
    Regards
    Steve

  • 7 Things every Adobe AIR Developer should know about Security

    1. Your AIR files are really just zip files.
    Don't believe me? Change the .air extension to zip and unzip it with your favorite compression program.
    What does this mean for you the developer? What this means is that if you thought AIR was a compiled protected format, alas it is not.
    2. All your content is easily accessible in the AIR file.
    Since we know that the AIR file is really just a zip file, unzip it and see what's inside. If you have added any content references when you published the AIR file, voila, there it all is.
    What does this mean for you the developer? Well, your content is sitting there ripe for the picking, and so is everything else including your Application descriptor file, images etc.
    3. Code signing your AIR app does nothing as far as security for you.
    All code signing your app does is verify to the end user that someone published the app. It does nothing as far as encryption and does nothing to protect your content.
    What does this mean for you the developer? Well, you should still do it, because getting publisher "unknown" is worse. It also means that joe hacker would not be able to decompile your entire app and republish it with the same certificate, unless they somehow got a hold of that too.
    4. All your AIR SWF content is easily decompilable.
    Nothing new here, it's always been this way. Type flash decompiler into Google and you'll find a variety of decompilers for under $100 that will take your AIR content swf and expose all your source code and content in no time.
    What does this mean for you the developer? All your content, code, urls and intellectual property is publicly available to anyone with a decompiler, unless you do some extra work and encrypt your swf content files, which is not currently a feature of AIR, but can be done if you do your homework.
    5. Your SQLite databases are easy to get at.
    SQLite databases can be accessed from AIR or any other program on your computer that knows how to work with it. Unless you put your database in the local encrypted datastore, or encrypt your entire database, it's pretty easy to get at, especially if you create it with a .db extension.
    What does this mean for you the developer? Well, SQLite is very useful, but just keep in mind that your data can be viewed and altered if you're not careful.
    6. The local encrypted datastore is useful, but....
    The local encrypted datastore is useful, but developers need a secure way of getting information into it. Storing usernames, passwords and urls in clear text is a bad idea, since as we discussed, your code is easy to decompile and read. By putting info into the local encrypted datastore, the data is encrypted and very difficult to get at. The problem is, how do you get it into there, without having to store any info that can be read in the air file and without the necessity of communicating with a web server? Even if you called a web service and pushed the returned values into the datastore, this is not ideal, since you may have encoded the urls to your web service into your code, or they intercept the results from the web service call.
    What does this mean for you the developer? Use the local datastore, and hope that we get some new ways of protecting content and data from Adobe in the next release of AIR.
    7. There are some things missing from the current version of AIR (1.1) that could really help ease the concerns of people trying to develop serious applications with AIR.
    Developers want more alternatives for the protection of local content and data. Some of us might want to protect our content and intellectual property, remember not all of us are building toys with AIR. Other than the local encrypted datastore there are not currently any built-in options I'm aware of for encrypting other content in the AIR file, unless you roll your own.
    What does this mean for you the developer? Well, I've been told that Adobe takes security very seriously, so I'm optimistic that we'll see some improvements in this area soon. If security is a concern for you as much as it is for me, let them know.

    Putting "secret data" as clear text directly in your code is a broken concept in every environment and programming language. Every compiled code is reversible, especially strings are really easy to extract.
    There is no simple, straightforward way to include secret data directly with your app. This is a complicated subject, and if you really need to do this, you'll need to read up on it a bit.
    But in most cases this can be avoided or worked around without compromising security. One of the best ways is to provide the user with a simple "secret key" alongside the app (best way is the good old login/password). The user installs the app, and provides his "secret key", that goes directly into EncryptedLocalStore, and then you use this "secret key" to access the "secret data" that's stored on your server. Then you can transfer the "secret data" directly into EncryptedLocalStore.
    As for the whole thread:
    Points 1-5 -> Those points do not concern AIR apps only. If you are developing an application in any language, you should follow those rules, meaning:
    - Code installed on the user's computer is easily accessible
    - Data stored locally is easily accessible, even if it is encrypted using any symmetric-key encryption, because the encrypting algorithm and encryption key are in your source code (you could probably write a book on using public-key encryption so let's just leave it for now ;)
    Point 6 -> Is a valid one. All your app security should rely on the EncryptedLocalStore. But it is your job to get the data securely into the ELS, because there is no point to encrypt data that can be intercepted.
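
Points 1, 2 and 5 of the AIR post above, and the reply's remark that strings are easy to extract, can be turned into a pre-release check on your own package. This is an added example, not code from either poster or from Adobe: the function names, the regex heuristics and the sample package are constructed for illustration, and LZMA-compressed (ZWS) SWFs are not unpacked.

```python
import io
import re
import zipfile
import zlib

SQLITE_MAGIC = b"SQLite format 3\x00"
# Constructed heuristics for values that should not ship in cleartext.
SECRET_RE = re.compile(rb"(?i)(password|passwd|api[_-]?key|secret)\s*[=:]\s*[^\s\"'<&\x00]{4,}")
URL_RE = re.compile(rb"https?://[^\s\"'<>\x00]{4,}")

def swf_body(raw: bytes) -> bytes:
    """Return the SWF body; CWS files are zlib-compressed after an 8-byte header."""
    if raw[:3] != b"CWS":
        return raw[8:]
    try:
        return zlib.decompress(raw[8:])
    except zlib.error:
        return b""

def audit_air_package(package: bytes) -> list[tuple[str, str, str]]:
    """Return (member, finding, detail) for cleartext material found in the package."""
    if not zipfile.is_zipfile(io.BytesIO(package)):
        raise ValueError("not a ZIP container, so not an .air package")
    findings = []
    with zipfile.ZipFile(io.BytesIO(package)) as air:
        for name in air.namelist():
            raw = air.read(name)
            if raw.startswith(SQLITE_MAGIC):
                # Detected by header, so a name other than .db does not hide it.
                findings.append((name, "sqlite-db", "unencrypted database"))
                continue
            body = swf_body(raw) if raw[:3] in (b"FWS", b"CWS") else raw
            for label, rx in (("secret", SECRET_RE), ("url", URL_RE)):
                for m in rx.finditer(body):
                    findings.append((name, label, m.group(0).decode("latin-1")))
    return findings

def build_sample_air() -> bytes:
    """Constructed sample package; every name and value in it is made up."""
    swf = b"CWS\x0a" + b"\x00\x00\x00\x00" + zlib.compress(
        b"\x00https://api.example.invalid/v1/sync\x00password=hunter2demo\x00")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/AIR/application.xml", "<application><id>demo</id></application>")
        z.writestr("main.swf", swf)
        z.writestr("data/cache.bin", SQLITE_MAGIC + b"\x10\x00" * 8)
    return buf.getvalue()

if __name__ == "__main__":
    print(*audit_air_package(build_sample_air()), sep="\n")
```

Anything the check reports is readable by every user who installs the package, so those values belong on the server or in the EncryptedLocalStore, as the reply describes.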
