If you remove the return type of the function then if the file is called via a webservice then the template will error, if you call the function via flash it will work fine... That's what we use..
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Samuel Neff Sent: Friday, May 30, 2003 16:42 To: cfcdev Subject: [CFCDev] Securing CFC's to allow Flash access but not Web Services access Recently I posted some code which used CFMX internals to protect CFC's from being called as a web service but still allowed them to be called from Flash. A bunch of people blogged it, so I guess others liked the idea. A coworker came up with another idea which is much better. You can put the CFC's in a folder secured by username/password. You don't ever need to supply the username/password for access from Flash since the Flash request comes through the gateway, not directly to the CFC. Still has the same caveat that someone can access your cfcs by using your gateway, but this would provide the same security as checking for the Flash scope and doesn't use an undocumented internals. Thought some might be interested... Sam ---------------------------------------------------------- You are subscribed to cfcdev. To unsubscribe, send an email to [EMAIL PROTECTED] with the word 'unsubscribe cfcdev' in the message of the email. CFCDev is run by CFCZone (www.cfczone.org) and supported by Mindtool, Corporation (www.mindtool.com). ---------------------------------------------------------- You are subscribed to cfcdev. To unsubscribe, send an email to [EMAIL PROTECTED] with the word 'unsubscribe cfcdev' in the message of the email. CFCDev is run by CFCZone (www.cfczone.org) and supported by Mindtool, Corporation (www.mindtool.com).
