You can use it for Flash Remoting web services, I believe, where you don't
have the opportunity to secure at any other level. Put your CFLOGIN tag in
Application.cfm, and then use the roles attribute to control access.
Yes, we do something similar on macromedia.com - we have *some* methods on *some* CFCs that use the roles= attribute to ensure that they can't be invoked except by a "trusted party" - we don't use roles= for actual user role checking, only for application-level checking, i.e., an application has its own login / role that it uses to access the remote methods and then that method does user authentication etc. This prevents access to WSDL generation as well so folks can't even see what methods are present on a CFC.
Sean A Corfield -- http://www.corfield.org/blog/
"If you're not annoying somebody, you're not really alive." -- Margaret Atwood
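
The pattern discussed in this thread, sketched as an added example that is not code from the original posts or from macromedia.com: the calling application logs in through CFLOGIN in Application.cfm and receives an application-level role, the remote method is gated with roles=, and user authentication happens inside the method. The role name `trustedApp`, the component and method names, and the `application.appAuth`, `application.userAuth` and `application.orders` helpers are hypothetical.

```cfml
<!--- Application.cfm (added example; all names below are assumptions) --->
<cfapplication name="remoteApi" sessionmanagement="true" loginstorage="session">

<cflogin>
    <!--- The cflogin struct exists only when the caller supplied credentials
          (HTTP Basic auth, j_username/j_password form fields, or
          Flash Remoting setCredentials) --->
    <cfif IsDefined("cflogin")>
        <!--- Hypothetical helper: checks the calling application's own
              login against a credential store; it is created elsewhere --->
        <cfif application.appAuth.verify(cflogin.name, cflogin.password)>
            <!--- The role identifies a trusted application, not an end user --->
            <cfloginuser name="#cflogin.name#"
                         password="#cflogin.password#"
                         roles="trustedApp">
        </cfif>
    </cfif>
    <!--- No cfloginuser call means no roles, so any method declared with
          roles="trustedApp" refuses the request --->
</cflogin>

<!--- OrderService.cfc (hypothetical component) --->
<cfcomponent>
    <cffunction name="getOrders" access="remote" roles="trustedApp"
                returntype="query" output="false">
        <cfargument name="userName" type="string" required="true">
        <cfargument name="userToken" type="string" required="true">

        <!--- roles= has only established which application is calling;
              the end user is authenticated here, inside the method --->
        <cfif NOT application.userAuth.isValid(arguments.userName,
                                               arguments.userToken)>
            <cfthrow type="Security.NotAuthorized"
                     message="User authentication failed">
        </cfif>

        <!--- Hypothetical data-access helper --->
        <cfreturn application.orders.forUser(arguments.userName)>
    </cffunction>
</cfcomponent>
```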
----------------------------------------------------------
CFCDev is run by CFCZone (www.cfczone.org) and supported by Mindtool, Corporation (www.mindtool.com).
