To: discussion@acfug.org
Subject: Re: [ACFUG Discuss] Securing CFCs
On Mon, Jul 21, 2008 at 4:06 PM, Clarke Bishop [EMAIL PROTECTED]
wrote:
Cameron, you mentioned sessions will be available in both your CFM
pages and CFCs as long as they share a common Application.cfc file.
So, you'd put the CFC
I have one remaining problem to solve in my adventure with CF/Ajax. The CFCs
have to have access=remote.
But, this means anyone can access the methods. What I built is a
master/detail, CRUD thing for administering users. So, I obviously don't
want some unauthorized person deleting my users or
All access must be authorized. Only expose those methods required by
the external system.
Your CFC methods are performing authorization already, aren't
they? ;-) If not, now is a great time to add appropriate
authorization controls to your system before exposing such APIs.
-dhs
Dean
This is actually one of the biggest security problems on the internet
right now, unprotected web services, remoting services, AJAX services.
You can actually solve this a number of different ways. You might
check out the Securing Web Services section in the docs first:
Jul 2008 10:46:09 -0400
SUBJECT: [ACFUG Discuss] Securing CFCs
I have one remaining problem to solve in my adventure with CF/Ajax. The CFCs
have to have access=remote.
But, this means anyone can access the methods. What I built is a
master/detail, CRUD thing for administering users. So, I
Chat:
http://www.bankersx.com/Contact/chat.cfm?Queue=MUPPELSCHOTEN
-- Original Message --
FROM: Clarke Bishop [EMAIL PROTECTED]
TO: discussion@acfug.org
DATE: Mon, 21 Jul 2008 10:46:09 -0400
SUBJECT: [ACFUG Discuss] Securing CFCs
I have one remaining
On Mon, Jul 21, 2008 at 10:52 AM, Mischa Uppelschoten ext 10
[EMAIL PROTECTED] wrote:
That is a really good question and I'm curious about the input from the group.
Maybe use permissions on a webserver/file level? All legit requests would
be coming from localhost/127.0.0.1/server's IP address,
--- Original Message ---
From: "Howard Fore" [EMAIL PROTECTED]
To: discussion@acfug.org
Date: Mon, 21 Jul 2008 11:23:31 -0400
Subject: Re: [ACF
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Cameron
Childress
Sent: Monday, July 21, 2008 11:01 AM
To: discussion@acfug.org
Subject: Re: [ACFUG Discuss] Securing CFCs
This is actually one of the biggest security problems on the internet right
now, unprotected
. But, is there a better way to test something like this?
Thanks again to everyone for your help!
Clarke
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Cameron
Childress
Sent: Monday, July 21, 2008 11:01 AM
To: discussion@acfug.org
Subject: Re: [ACFUG Discuss] Securing