Recently I posted some code which used CFMX internals to protect CFC's from being called as a web service but still allowed them to be called from Flash. A bunch of people blogged it, so I guess others liked the idea.
A coworker came up with another idea which is much better. You can put the CFC's in a folder secured by username/password. You don't ever need to supply the username/password for access from Flash since the Flash request comes through the gateway, not directly to the CFC. Still has the same caveat that someone can access your cfcs by using your gateway, but this would provide the same security as checking for the Flash scope and doesn't use an undocumented internals. Thought some might be interested... Sam ---------------------------------------------------------- You are subscribed to cfcdev. To unsubscribe, send an email to [EMAIL PROTECTED] with the word 'unsubscribe cfcdev' in the message of the email. CFCDev is run by CFCZone (www.cfczone.org) and supported by Mindtool, Corporation (www.mindtool.com).
