Hi all CF-TALKers :),
I'm trying to implement a Model-View-Controller architecture in a new project I'm working on. I've borrowed heavily from Ben's (http://www.benorama.com/coldfusion/patterns/part2.htm) visualization of the MVC pattern in CFMX, with CFCs serving as the controller layer.

Obviously this means that CFCs will be called directly through browser requests, albeit, as per Ben's recommendations, through form posts only. Be that as it may, I require certain actions to call CFCs through a GET request. In either case, here are my questions regarding the situation:

1) How do I guard against an unscrupulous/curious user trying to access arbitrary methods in the CFC (which may not necessarily exist, or have public access)? One way I know would be to <cfswitch> between all the valid public access methods and provide a defaultcase; I hate to put any code other than instance variables outside functions (not in line with OO principles). What has your experience with that been? Or how else would you tackle this situation?
Not handling the situation will allow the CFC to throw an uncaught exception to the user; again, I won't (?) be able to put try/catch statements around the CFC.

2) Ben's way of transferring control from the controller CFC to the view page is to use <cflocation>. Can anyone throw some more light on the relative pitfalls of relocating versus including the view page (another way of transferring control) from the CFC?

I appreciate your feedback on my questions. Hopefully this will be useful to others too.

TIA
Nikhil
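
The allowlist check and exception handling asked about in question 1, sketched as an added example that is not part of the original post. It assumes a front-controller template `index.cfm`, a component `OrderController.cfc`, an `action` URL parameter, and a `views/` directory, all hypothetical names; the controller methods are declared `access="public"` rather than `access="remote"`, so they cannot be invoked directly by URL.

```cfml
<!--- index.cfm (hypothetical): the only template the browser requests.
      OrderController.cfc (hypothetical) declares its methods access="public",
      so only this template can invoke them. --->
<cfparam name="url.action" default="list">

<!--- Allowlist: request action name -> controller method name.
      The method name passed to cfinvoke never comes from the request itself. --->
<cfset allowed = StructNew()>
<cfset allowed["list"] = "listOrders">
<cfset allowed["view"] = "viewOrder">

<cfif NOT StructKeyExists(allowed, url.action)>
    <!--- Unknown action: one generic response, whether or not a method
          of that name exists in the component. --->
    <cfheader statuscode="404" statustext="Not Found">
    <cfoutput>Page not found.</cfoutput>
    <cfabort>
</cfif>

<cftry>
    <!--- The controller method returns the name of the view to render. --->
    <cfinvoke component="OrderController"
              method="#allowed[url.action]#"
              returnvariable="viewPage">
    <!--- viewPage is chosen by the controller, not taken from the URL. --->
    <cfinclude template="views/#viewPage#.cfm">

    <cfcatch type="any">
        <!--- Log the detail server-side; show the user nothing specific. --->
        <cflog file="controller" type="error" text="#cfcatch.message#">
        <cfheader statuscode="500" statustext="Server Error">
        <cfoutput>An error occurred.</cfoutput>
    </cfcatch>
</cftry>
```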