This is actually one of the biggest security problems on the internet
right now: unprotected web services, remoting services, AJAX services.
You can actually solve this a number of different ways. You might
check out the "Securing Web Services" section in the docs first:

http://livedocs.adobe.com/coldfusion/8/htmldocs/webservices_22.html

There is also a link on that page to "Securing Applications":
http://livedocs.adobe.com/coldfusion/8/htmldocs/appSecurity_01.html

Lastly, I would say that it's good to remember that any sessions you
create on a CFM page should also be accessible in your CFCs, as long
as they share a common Application.cfc file.  This is a great way to
enforce a common security model across CFM and CFC code...

-Cameron

On Mon, Jul 21, 2008 at 10:46 AM, Clarke Bishop
<[EMAIL PROTECTED]> wrote:
> I have one remaining problem to solve in my adventure with CF/Ajax. The CFCs
> have to have access="remote".
>
> But, this means anyone can access the methods. What I built is a
> master/detail, CRUD thing for administering users. So, I obviously don't
> want some unauthorized person deleting my users or adding new ones.
>
> Normally, I've used access="public" before which wouldn't let an outside
> user get to the methods. But, what's the best way to give access to my valid
> CFM pages with Ajax and prevent access by bad guys?
>
> Thanks for any ideas!
>
>    Clarke
>
> -------------------------------------------------------------
> To unsubscribe from this list, manage your profile @
> http://www.acfug.org?fa=login.edituserform
>
> For more info, see http://www.acfug.org/mailinglists
> Archive @ http://www.mail-archive.com/discussion%40acfug.org/
> List hosted by http://www.fusionlink.com
> -------------------------------------------------------------



-- 
Cameron Childress
Sumo Consulting Inc
http://www.sumoc.com
---
cell: 678.637.5072
aim: cameroncf
email: [EMAIL PROTECTED]
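
Added example, not part of the original message: one way to apply the shared-session point above, so that an access="remote" method refuses any caller whose session was not authenticated by a CFM login page in the same application. The component names, session.isAdmin, the exampleDSN datasource and the users table are assumptions made for illustration.

```cfml
<!--- Application.cfc: shared by the CFM pages and the CFCs below it,
      so both see the same session scope --->
<cfcomponent output="false">
    <cfset this.name = "UserAdminExample">
    <cfset this.sessionManagement = true>
    <cfset this.sessionTimeout = createTimeSpan(0, 0, 30, 0)>

    <cffunction name="onSessionStart" returntype="void" output="false">
        <!--- Every new session starts unauthenticated; the (hypothetical)
              CFM login page sets session.isAdmin = true after a valid login --->
        <cfset session.isAdmin = false>
    </cffunction>
</cfcomponent>

<!--- UserAdmin.cfc: hypothetical component called from the Ajax front end --->
<cfcomponent output="false">

    <!--- Private guard: not callable remotely, used by every remote method --->
    <cffunction name="requireAdmin" access="private" returntype="void" output="false">
        <cfif NOT structKeyExists(session, "isAdmin") OR NOT session.isAdmin>
            <cfthrow type="UserAdmin.NotAuthorized" message="Not authorized">
        </cfif>
    </cffunction>

    <cffunction name="deleteUser" access="remote" returntype="boolean" output="false">
        <cfargument name="userId" type="numeric" required="true">

        <!--- Check the session before touching any data --->
        <cfset requireAdmin()>

        <!--- exampleDSN and the users table are assumed names --->
        <cfquery datasource="exampleDSN">
            DELETE FROM users
            WHERE id = <cfqueryparam value="#arguments.userId#" cfsqltype="cf_sql_integer">
        </cfquery>
        <cfreturn true>
    </cffunction>
</cfcomponent>
```

The Ajax call from a logged-in CFM page carries the same session cookie, so the guard passes; a direct request to the CFC without that session gets the NotAuthorized error.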