Are roles actually invoked when a cfc is set to remote access? Since
application.cfc/cfm are NOT invoked, I thought perhaps the roles would be
useless for this.

DK

On 7/21/07, John Mason <[EMAIL PROTECTED]> wrote:

Lance, naturally Sat morning is going to be a slow point on the list.
You'll probably get some more responses on Monday. If not, re-post then.

There are attributes to cffunction to restrict access on a cfc method and
thereby provide a form of security: roles, access, output.

Output: works just like the cfsilent tag and keeps the code from outputting
any information. I prefer my functions/methods to simply take in data and
provide return data, not to do any cfoutput stuff. That could expose info
about the method.

Access: There are types here: remote, public, package, private. Webservices have
to be remote. Site-wide methods would normally be public. Methods exposed
only within the cfc should be private. Package access allows the method to
be exposed to any other cfc's that extend your cfc. Very nice stuff here and
it should be used. Too many people just make it public and never like it
again. You'll go a long way to take some time to review and tune up your
access points.

Roles: Also a rarely used attribute. You can define roles that can access
the cfc. If you use the cflogin tags, then this option flows straight from
that and provides another security level over the access option. If used, a
person would need to match his role and access to properly access a cfc
method which is very good.

Hope this helps,

John
[EMAIL PROTECTED]




 ------------------------------
*From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] *On Behalf Of *Lance
Knight
*Sent:* Saturday, July 21, 2007 9:40 AM
*To:* discussion@acfug.org
*Cc:* [EMAIL PROTECTED]
*Subject:* [ACFUG Discuss] security in CFC

 Any One



   I'm looking for any documentation on how to handle security in CFC and
webservices, best practices stuff



Thk

Lance



-------------------------------------------------------------
Annual Sponsor - Figleaf Software <http://www.figleaf.com>

To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform

For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by FusionLink <http://www.fusionlink.com>
-------------------------------------------------------------





--
Douglas Knudsen
http://www.cubicleman.com
this is my signature, like it?


