I took the following approach for a FLEX application that I wrote last month:
1. create a single "gateway" or "proxy" CFC that has all (or at least most) of your methods set with the "access" attribute set to "remote"
2. break apart the business logic of your app into other CFCs with methods that have attributes set to public, package or private as needed
3. write a generic "call" method into your gateway CFC that takes the following arguments:
   a. component name
   b. method name
   c. arguments

   You can use this single method to "proxy" a call to any other CFC's method in your model
4. create logical roles for your application and tie them into the methods of your "business" CFCs using the "roles" attribute
5. write a CFC called something like SecurityManager that has login/logout methods to query your authentication store and use the cflogin, cfloginuser and cflogout tags to associate roles with a user's session

If you want more detail just let me know... but I found this approach to be pretty effective. The user can only hit one CFC remotely, and until they authenticate they can't call any of the methods in your underlying business logic CFCs.

Quick hint: add "Debug" to the role attribute of every method so you don't have to deal with role-complexity when you're doing simple code testing and sanity checks :)

Good luck!

-Cliff

On 8/5/05, Gavin Brook <[EMAIL PROTECTED]> wrote:
> Hi All,
>
> I'm currently designing an application that will utilise a Flash
> frontend and talk to a CFMX7 Flash gateway for performing business
> logic. This connection needs to be secure and the users authenticated
> via the business objects. I am familiar with how to perform the
> authentication and I've read a few articles on security.
>
> I was wondering if anyone has any suggestions or experiences with
> securing this process both at the application and request levels. Any
> tips will be greatly appreciated.
>
> Thanks,
>
> Gavin
>
> ----------------------------------------------------------
> You are subscribed to cfcdev. To unsubscribe, send an email to
> [email protected] with the words 'unsubscribe cfcdev' as the subject of the
> email.
>
> CFCDev is run by CFCZone (www.cfczone.org) and supported by CFXHosting
> (www.cfxhosting.com).
>
> CFCDev is supported by New Atlanta, makers of BlueDragon
> http://www.newatlanta.com/products/bluedragon/index.cfm
>
> An archive of the CFCDev list is available at
> www.mail-archive.com/[email protected]
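
One way to write the generic "call" method from step 3 of the reply above, as an added example that is not code from this thread. The component names (`model.OrderService`, `model.SecurityManager`), their method names and the allow-list are assumptions: the allow-list keeps the proxy from dispatching to arbitrary component and method names supplied by the client, and the `GetAuthUser()` check lets only the login call through before `cflogin` has run.

```cfml
<!--- Gateway.cfc (added example; component and method names below are hypothetical) --->
<cfcomponent displayname="Gateway" output="false">

    <!--- Allow-list: component path -> methods the proxy may invoke (constructed sample values) --->
    <cfset variables.allowed = StructNew()>
    <cfset variables.allowed["model.SecurityManager"] = "login,logout">
    <cfset variables.allowed["model.OrderService"] = "getOrder,listOrders">

    <!--- The only remotely accessible entry point --->
    <cffunction name="call" access="remote" returntype="any" output="false">
        <cfargument name="componentName" type="string" required="true">
        <cfargument name="methodName" type="string" required="true">
        <cfargument name="args" type="struct" required="false" default="#StructNew()#">
        <cfset var result = "">
        <cfset var isLoginCall = false>

        <!--- Reject any component/method pair that is not explicitly listed --->
        <cfif NOT StructKeyExists(variables.allowed, arguments.componentName)
              OR NOT ListFindNoCase(variables.allowed[arguments.componentName], arguments.methodName)>
            <cfthrow type="Gateway.NotAllowed" message="Call not permitted.">
        </cfif>

        <!--- Before authentication, only SecurityManager.login is reachable --->
        <cfset isLoginCall = (arguments.componentName EQ "model.SecurityManager"
                              AND arguments.methodName EQ "login")>
        <cfif NOT isLoginCall AND GetAuthUser() EQ "">
            <cfthrow type="Gateway.NotAuthenticated" message="Login required.">
        </cfif>

        <!--- Dispatch to the business CFC; its methods are not access="remote" --->
        <cfinvoke component="#arguments.componentName#"
                  method="#arguments.methodName#"
                  argumentcollection="#arguments.args#"
                  returnvariable="result">

        <!--- A method that returns nothing leaves the return variable undefined --->
        <cfif NOT IsDefined("result")>
            <cfset result = "">
        </cfif>
        <cfreturn result>
    </cffunction>

</cfcomponent>
```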
