All access must be authorized. Only expose those methods required by the external system.

Your CFC methods are performing authorization already, aren't they? ;-) If not, now is a great time to add appropriate authorization controls to your system before exposing such APIs.

-dhs

Dean H. Saxe, CISSP, CEH
[EMAIL PROTECTED]
"What difference does it make to the dead, the orphans, and the homeless, whether the mad destruction is wrought under the name of totalitarianism or the holy name of liberty and democracy?"
    --Gandhi



On Jul 21, 2008, at 10:46 AM, Clarke Bishop wrote:

I have one remaining problem to solve in my adventure with CF/Ajax. The CFCs
have to have access="remote".

But, this means anyone can access the methods. What I built is a
master/detail, CRUD thing for administering users. So, I obviously don't
want some unauthorized person deleting my users or adding new ones.

Normally, I've used access="public" before which wouldn't let an outside user get to the methods. But, what's the best way to give access to my valid
CFM pages with Ajax and prevent access by bad guys?

Thanks for any ideas!

   Clarke
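
The advice in the reply at the top of this thread, as an added example that is not code from either poster: a CFC whose only access="remote" method authorizes the caller before acting, with everything else kept access="private". The session.isAdmin flag (assumed to be set by the application's login page, with session management enabled), the appDSN datasource and the users table are assumptions.

```cfml
<!--- UserAdmin.cfc: constructed example. session.isAdmin, the "appDSN"
      datasource and the users table are assumptions, not from the thread. --->
<cfcomponent output="false">

    <!--- Remote entry point: any HTTP client can reach it, so it authorizes
          the caller itself before doing any work. --->
    <cffunction name="deleteUser" access="remote" returntype="boolean" output="false">
        <cfargument name="userId" type="numeric" required="true">
        <cfset requireAdmin()>
        <cfset removeUser(arguments.userId)>
        <cfreturn true>
    </cffunction>

    <!--- Not remote: only code inside this component can call it.
          Throws unless the current session belongs to an administrator. --->
    <cffunction name="requireAdmin" access="private" returntype="void" output="false">
        <cfif NOT isDefined("session.isAdmin")
              OR NOT isBoolean(session.isAdmin)
              OR NOT session.isAdmin>
            <cfthrow type="UserAdmin.NotAuthorized" message="Not authorized.">
        </cfif>
    </cffunction>

    <!--- Data access stays private so it can never be invoked over HTTP
          without passing through the check in deleteUser. --->
    <cffunction name="removeUser" access="private" returntype="void" output="false">
        <cfargument name="userId" type="numeric" required="true">
        <cfquery datasource="appDSN">
            DELETE FROM users
            WHERE id = <cfqueryparam value="#arguments.userId#" cfsqltype="cf_sql_integer">
        </cfquery>
    </cffunction>

</cfcomponent>
```

The check runs on the server for every request, so an Ajax call from a valid CFM page and a hand-built request to the CFC URL are treated the same way.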





-------------------------------------------------------------
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform

For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-------------------------------------------------------------





