On Fri, 13 Aug 2004 20:40:19 -0400, Adam Churvis <[EMAIL PROTECTED]> wrote: > Is there a reason why you're not using CFLOGINUSER then restricting method > access using the roles attribute of CFFUNCTION?
The problem with that model is that you get raw exceptions thrown from the call which means you need to wrap everything with exception handling. I think you're much better off just programming your system to only allow operations to be offered to users if they have the right permissions. As for raw CFC methods, they're mostly not going to be access="remote" anyway so there's no security issue around them being called directly by unauthorized users (you don't have your CFCs under your webroot, surely?). -- Sean A Corfield -- http://www.corfield.org/blog/ "If you're not annoying somebody, you're not really alive." -- Margaret Atwood ---------------------------------------------------------- You are subscribed to cfcdev. To unsubscribe, send an email to [EMAIL PROTECTED] with the words 'unsubscribe cfcdev' in the message of the email. CFCDev is run by CFCZone (www.cfczone.org) and supported by Mindtool, Corporation (www.mindtool.com). An archive of the CFCDev list is available at www.mail-archive.com/[EMAIL PROTECTED]
