> > That only protects against users referencing the component > browser. It doesn't stop them using the CFCs already > instantiated into server scope. > > You could secure the methods with roles but that would > require that all your apps were permanently "logged in"...
Although if you can get an instance of the CFC than you can introspect it and see which roles are required, then simply add those roles to the current request. Right? -rc ---------------------------------------------------------- You are subscribed to cfcdev. To unsubscribe, send an email to [EMAIL PROTECTED] with the words 'unsubscribe cfcdev' in the message of the email. CFCDev is run by CFCZone (www.cfczone.org) and supported by Mindtool, Corporation (www.mindtool.com). An archive of the CFCDev list is available at www.mail-archive.com/[EMAIL PROTECTED]
