Yup, but if that's what he wants to do, this might be what he is looking for. If he wants to make it secure he might want to adopt a different file structure, as I do in this case, and let the method be determined by the current folder. I actually let every aspect of the directory rule what is called, i.e. system/package/Object/method
*While* we are on the topic of security, always describe your properties with attributes like regular expressions, required, format etc. and then do data checking and filtering before accepting the data. I myself do this with XML or cfproperty and use this to do the validation.

Regards,
Taco Fleur

> -----Original Message-----
> From: S. Isaac Dealey [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, 2 March 2005 12:08 AM
> To: CF-Talk
> Subject: Form Security - was RE: Run CFC method on form submit
>
> > I think the following would work in your CFM page
> >
> > <cfset YourObject = createObject( "component", "YourObject" ) />
> > <cfset myMethod = YourObject[ form.method ] />
> > <cfset myMethod( argumentCollection = form ) />
> >
> > form.method is of course a hidden field in the form
> > <input type="hidden" name="method" value="insert" />
>
> I don't know if I'd recommend this for the same reason I wouldn't recommend even CF7's server-side validation. Because it relies on a hidden form field, anyone with cfhttp (or any readily available equivalent) can alter the behavior of your form on the server -- so this becomes a potential vulnerability in your application security.
>
> The articles written about the new cfform features in MX7 do mention improved validation features, and I remember one making the intimation that CF7 forms were more secure -- but the honest truth is that if you rely solely on the server side (and/or javascript) form validation they become completely insecure. The only way you can secure CF7 forms is by writing your own server-side validation for them -- the good news is that the new isValid() and cfparam features make this a lot easier, but don't be lulled into a false sense of security by the new features; isValid() (or similar) is an absolute must.
>
> s. isaac dealey 954.927.5117
> new epoch : isn't it time for a change?
>
> add features without fixtures with
> the onTap open source framework
>
> http://macromedia.breezecentral.com/p49777853/
> http://www.sys-con.com/story/?storyid=44477&DE=1
> http://www.sys-con.com/story/?storyid=45569&DE=1
> http://www.fusiontap.com
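
Added example, not part of the thread or any poster's code: one way to keep the form-driven dispatch while refusing a tampered hidden field, by checking form.method against a server-side allowlist and validating each declared field with isValid() before the call. The component name OrderService, the method names and the field rules are assumptions made up for illustration.

```cfml
<!--- Added example. OrderService, its methods and the field rules below are hypothetical. --->

<!--- Server-side allowlist: the only methods a form post may reach,
      each mapped to the fields it accepts and the isValid() type for each. --->
<cfset rules = structNew() />
<cfset rules[ "insert" ] = structNew() />
<cfset rules[ "insert" ][ "email" ] = "email" />
<cfset rules[ "insert" ][ "quantity" ] = "integer" />
<cfset rules[ "update" ] = structNew() />
<cfset rules[ "update" ][ "id" ] = "integer" />
<cfset rules[ "update" ][ "quantity" ] = "integer" />

<!--- The hidden field is attacker-controlled input, so treat it like any other field. --->
<cfparam name="form.method" default="" />
<cfif len( form.method ) EQ 0 OR NOT structKeyExists( rules, form.method )>
    <cfthrow type="app.invalidRequest" message="Unknown form action" />
</cfif>

<!--- Build the argument set from declared fields only, instead of passing
      the whole form scope, and reject the request on the first bad value. --->
<cfset fieldRules = rules[ form.method ] />
<cfset args = structNew() />
<cfloop collection="#fieldRules#" item="field">
    <cfif NOT structKeyExists( form, field )
          OR NOT isValid( fieldRules[ field ], form[ field ] )>
        <cfthrow type="app.invalidInput" message="Invalid or missing field: #field#" />
    </cfif>
    <cfset args[ field ] = form[ field ] />
</cfloop>

<!--- Only an allowlisted method with validated arguments is ever invoked. --->
<cfinvoke component="OrderService"
          method="#form.method#"
          argumentcollection="#args#" />
```

Authorization for the chosen method (who may call update versus insert) still has to be checked separately; the allowlist only limits which methods are reachable from the form at all.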

