How can I be 100% sure that the caller is only, for example, mydomain.com... and nobody else is calling me... All the calls to me (ColdFusion MX) are through Flash Remoting only and with the mydomain.com site. Any advice for how I can lock down my CFCs, my stuff, for security?
Well, there are a lot of options and it really depends on what you're actually trying to achieve.
A CFC that has no access="remote" methods in it cannot be called except by your own code so I assume you're talking about Web Services and/or Flash Remoting?
Can cflogin do the job? I don't use cflogin right now... I'm using session scope...
You can use cflogin / cfloginuser to set 'roles' for an authenticated user and then use the roles= attribute on cffunction to restrict access to methods.
Sean A Corfield -- http://www.corfield.org/blog/
"If you're not annoying somebody, you're not really alive."
-- Margaret Atwood
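
The cflogin / cfloginuser and roles= approach from the reply above, as an added example that is not code from the thread. The `security.UserGateway` component, its `getRolesFor` method, the application name, the `OrderService.cfc` file and the `member` role are hypothetical. The roles= check is made against the authenticated user, not against the site the call came from.

```cfml
<!--- Application.cfm (added example; component and role names are hypothetical) --->
<cfapplication name="remotingDemo" sessionmanagement="yes">

<cflogin>
    <!--- The cflogin structure is present only when the request carried credentials --->
    <cfif isDefined("cflogin.name") and isDefined("cflogin.password")>
        <!--- Hypothetical gateway: returns a comma-separated role list,
              or an empty string when the credentials are wrong --->
        <cfinvoke component="security.UserGateway" method="getRolesFor"
                  returnvariable="userRoles">
            <cfinvokeargument name="username" value="#cflogin.name#">
            <cfinvokeargument name="password" value="#cflogin.password#">
        </cfinvoke>
        <!--- Log the user in only when at least one role came back --->
        <cfif len(userRoles)>
            <cfloginuser name="#cflogin.name#" password="#cflogin.password#"
                         roles="#userRoles#">
        </cfif>
    </cfif>
</cflogin>

<!--- OrderService.cfc (separate file) --->
<cfcomponent>
    <!--- Remote method: callable over Flash Remoting, but only by a
          logged-in user whose roles include "member" --->
    <cffunction name="getOrders" access="remote" returntype="query" roles="member">
        <cfset var orders = queryNew("orderId,owner")>
        <cfset queryAddRow(orders)>
        <cfset querySetCell(orders, "orderId", 1)>
        <cfset querySetCell(orders, "owner", getAuthUser())>
        <cfreturn orders>
    </cffunction>

    <!--- No access="remote": reachable only from this component's own code --->
    <cffunction name="formatOwner" access="private" returntype="string">
        <cfargument name="owner" type="string" required="true">
        <cfreturn uCase(arguments.owner)>
    </cffunction>
</cfcomponent>
```

A call to `getOrders` from a session that has not passed through `cfloginuser` with the `member` role fails with an authorization error before the function body runs.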
