Yes, once you mark it remote any flash client/web service/URL can access it. But... you can secure it.

1) Since the application.cfm is also always run before a cfc is called from a URL/Flash/WebService, you can use the <cflogin> tag(s) to log users in and set their permissions. Then you can secure the method using the Roles attribute in cffunction. Since you're using <cflogin> you can log in two ways: a) through a .cfm login page on your site, b) from flash, using the setCredentials(username, password) method.

2) Pass a username/password as arguments to the function.

3) For poor man's security, you can check the client in the application.cfm (cgi.user_agent) and if not flash abort or throw an error. Granted this is easily hacked, but it's more than nothing.

hth,
---nimer

> -----Original Message-----
> From: Stacy Young [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, June 25, 2002 8:45 AM
> To: CF-Talk
> Subject: RE: Flash Remoting & Security
>
> You can have them log in prior and have that info available in client or session scope on the server side.
>
> Stace
>
> -----Original Message-----
> From: Andrew Scott [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, June 25, 2002 12:08 AM
> To: CF-Talk
> Subject: RE: Flash Remoting & Security
>
> There are a number of ways to secure this, if it was me as cffunction can be tied to accept a username and password as an attribute. Then you can make sure that your flash is the one using it, to complete this make the connection with a secured (HTTPS) connection and it would mean that it is hard to use. However I wouldn't store the username and password in the flash file!
>
> -----Original Message-----
> From: Chris Kief [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, 25 June 2002 10:21 AM
> To: CF-Talk
> Subject: Flash Remoting & Security
>
> I was hoping someone could shed a little light on an issue that I've been pondering a bit lately...
>
> When setting the access parameter of a cffunction to "remote" (which is necessary for a Flash client to access the function), doesn't this also allow others to call that function as a web service (like another server)? Does this mean that your web service is now publicly available? Or does it have to be registered in the CFMX admin panel before others are allowed access?
>
> I want to make sure that access to the function or component is restricted to only the flash client that is served from my server.
>
> Any clarifications are greatly appreciated,
> chris
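
Option 1 from the reply at the top of this thread (<cflogin> in Application.cfm plus the roles attribute on cffunction), as an added example that is not code from the thread. The application name, the security.UserStore component with its rolesFor method, the OrderService.cfc component and the role names are assumptions made for illustration.

```cfml
<!--- Application.cfm: runs before every page request and every remote CFC call --->
<cfapplication name="remotingDemo" sessionmanagement="yes">

<cflogin>
    <!--- The cflogin structure exists only when the caller supplied credentials,
          for example through Flash setCredentials(username, password). --->
    <cfif isDefined("cflogin")>
        <!--- Assumption: security.UserStore.rolesFor() is a hypothetical helper that
              verifies the password and returns a comma-separated role list,
              or an empty string when the credentials are wrong. --->
        <cfinvoke component="security.UserStore" method="rolesFor"
                  username="#cflogin.name#" password="#cflogin.password#"
                  returnvariable="userRoles">
        <cfif len(userRoles)>
            <cfloginuser name="#cflogin.name#" password="#cflogin.password#"
                         roles="#userRoles#">
        </cfif>
    </cfif>
</cflogin>

<!--- OrderService.cfc (hypothetical component, a separate file) --->
<cfcomponent>
    <!--- access="remote" exposes the method to Flash, web service and URL callers;
          roles limits it to callers that cflogin placed in one of these roles.
          Anyone else gets an authorization error instead of a result. --->
    <cffunction name="getOrders" access="remote" returntype="query"
                roles="customer,admin">
        <cfset var orders = queryNew("id,owner")>
        <!--- Constructed sample row; a real method would query by getAuthUser()
              so each caller only sees their own records. --->
        <cfset queryAddRow(orders)>
        <cfset querySetCell(orders, "id", 1)>
        <cfset querySetCell(orders, "owner", getAuthUser())>
        <cfreturn orders>
    </cffunction>
</cfcomponent>
```

The credentials travel from the Flash client to the server, so the connection should be HTTPS, as one of the quoted replies suggests.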

