That is a really good question and I'm curious about the input from the group. Maybe use permissions on a webserver/file level? All legit requests would be coming from localhost/127.0.0.1/server's IP address, right? /m
But, what's the best way to give access to my valid : CFM pages with Ajax and prevent access by bad guys? : Thanks for any ideas! : Clarke : ------------------------------------------------------------- : To unsubscribe from this list, manage your profile @ : http://www.acfug.org?fa=login.edituserform : For more info, see http://www.acfug.org/mailinglists : Archive @ http://www.mail-archive.com/discussion%40acfug.org/ : List hosted by http://www.fusionlink.com : ------------------------------------------------------------- Mischa Uppelschoten The Banker's Exchange, LLC. 4200 Highlands Parkway SE Suite A Smyrna, GA 30082-5198 Phone: (404) 605-0100 ext. 10 Fax: (404) 355-7930 Web: www.BankersX.com Follow this link for Instant Web Chat: http://www.bankersx.com/Contact/chat.cfm?Queue=MUPPELSCHOTEN ---------- Original Message ---------- FROM: "Clarke Bishop" <[EMAIL PROTECTED]> TO: <[email protected]> DATE: Mon, 21 Jul 2008 10:46:09 -0400 SUBJECT: [ACFUG Discuss] Securing CFCs I have one remaining problem to solve in my adventure with CF/Ajax. The CFCs have to have access="remote". But, this means anyone can access the methods. What I built is a master/detail, CRUD thing for administering users. So, I obviously don't want some unauthorized person deleting my users or adding new ones. Normally, I've used access="public" before which wouldn't let an outside user get to the methods. But, what's the best way to give access to my valid CFM pages with Ajax and prevent access by bad guys? Thanks for any ideas! Clarke ------------------------------------------------------------- To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com ------------------------------------------------------------- ------------------------------------------------------------- To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -------------------------------------------------------------
