RE: remote proxy object security

Tue, 30 Sep 2008 15:41:31 -0700 

 

-----Original Message-----
From: Cutter (CFRelated) [mailto:[EMAIL PROTECTED] 
Sent: Monday, September 29, 2008 1:28 PM
To: cf-talk
Subject: Re: remote proxy object security

Richard,

We recently implemented a few webservices for our parent company. When
doing these I took a multi-tier approach:

1) folder of service requires authentication (web server)
2) Application in folder required the request be made over SSL
3) Application took authentication credentials from server auth, and
also verified against:
        a) List of authorized users
        b) DB check of authentication to system
    This applied a role to the authenticated user, for which certain
services required specific roles for access as well.

This is how we've handled this particular access. A lot of the data
being returned from the service is also encrypted, providing another
layer of security.

Using Ajax for these services, you may also want to review this article
from Ray Camden,
http://www.coldfusionjedi.com/index.cfm/2007/7/31/ColdFusion-8-Ajax-Secu
rity-Features.

Steve "Cutter" Blades
Adobe Certified Professional
Advanced Macromedia ColdFusion MX 7 Developer
_____________________________ http://blog.cutterscrossing.com

Richard White wrote:
> hi,
> 
> we are creating remote proxy objects / web services as a lot of our
software uses JSMX from the client to the server.
> 
> however, we don't quite understand the security of these objects. how
can we ensure that no one else can use these remote proxy objects / web
services without coming through the JSMX message calls from our client
software?
> 
> any discussions, tips or advice would be welcome as we are just trying
to get our heads around this.
> 
> thanks
> 
> richard
> 
> 



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to 
date
Get the Free Trial
http://ad.doubleclick.net/clk;207172674;29440083;f

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:313302
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Reply via email to