A question came to my mind after rereading Ben's ColdFusion MX book, about the security of my CFCs that are only called by Flash Remoting! Here's what I read...

 

--------------------------------------------------------------------------------------------------------------------------------------------------------------------

page: 532 Advanced ColdFusion Components

 

CFC "Good" Practices

 

OOP................

 

Use Hints

 

Totally agree with him

 

(here's where I'm unsure)

 

Avoid ACCESS="REMOTE"

 

CFC functions should only have their access set to remote if you really intend them to be used remotely. If you are not using SOAP Web Services or Flash Remoting in your application, do not use this attribute. If a major point of CFCs is to encapsulate your business logic, then that is precisely the code that you don't want to leave open to the "outside world".

 

--------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

You know I'm French and I'm trying hard to understand the last sentence... for me it means that all my CFC facade methods can be called by anyone in the world!!!... not necessarily via my Flash Movie...

 

I will change my application to look at "login credentials" on almost every CFC method; will it make a difference!... if the hacker has built a Flash Movie using his nickname and password to send tons of requests!...

 

I'm just concerned about the security aspect of my facade CFC methods... what can really happen in the real world with my "remote" CFC methods!...

 

I would like to follow the "Good" Practices of Ben to avoid access="remote", but I guess I don't have any choice there!... I'm building a Flash site... and just reading "you don't want to leave open to the "outside world""... makes me a bit afraid... and I would like to understand more the impact of not avoiding the access="remote"...

 

Any comments will be really appreciated

 

Stephane
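
Added example, not part of the original post or of the book it quotes: one way to keep access="remote" limited to a thin facade that checks the session before delegating to non-remote business logic. It assumes session management is enabled in Application.cfm; UserService, OrderService, authenticate() and getOrdersFor() are hypothetical components and methods in the same directory, declared with access="package".

```cfml
<!--- OrderFacade.cfc: hypothetical facade called by the Flash movie (added example) --->
<cfcomponent displayname="OrderFacade"
             hint="Only component that exposes access=remote methods.">

  <!--- access="private": usable inside this CFC only, never through the
        Flash Remoting gateway or as a web service. --->
  <cffunction name="requireLogin" access="private" returntype="void" output="false"
              hint="Throws unless the caller's session holds an authenticated user.">
    <cfif NOT StructKeyExists(session, "userId")>
      <cfthrow type="Facade.NotLoggedIn" message="Login required.">
    </cfif>
  </cffunction>

  <!--- Remote on purpose: the movie must be able to log in. --->
  <cffunction name="login" access="remote" returntype="boolean" output="false"
              hint="Checks credentials server-side and marks the session as logged in.">
    <cfargument name="username" type="string" required="true">
    <cfargument name="password" type="string" required="true">
    <!--- authenticate() is assumed to return the user id, or 0 on failure. --->
    <cfset var userId = CreateObject("component", "UserService")
                          .authenticate(arguments.username, arguments.password)>
    <cfif userId GT 0>
      <cfset session.userId = userId>
      <cfreturn true>
    </cfif>
    <cfreturn false>
  </cffunction>

  <!--- Remote, but every call is re-checked on the server: anyone can send a
        request to this method, with or without the original Flash movie. --->
  <cffunction name="getMyOrders" access="remote" returntype="query" output="false"
              hint="Returns the orders of the logged-in user only.">
    <cfset requireLogin()>
    <!--- The user id comes from the session, not from an argument the caller
          controls, so a logged-in user cannot ask for someone else's orders. --->
    <cfreturn CreateObject("component", "OrderService").getOrdersFor(session.userId)>
  </cffunction>

</cfcomponent>
```

A login check answers who is calling, not how often; a valid account sending a flood of requests still has to be limited separately, for example with per-user request counting in the facade or at the web server.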

 
