Duh! I meant to write local subnet.

: Wouldn't AJAX requests be coming from the user's web browser IP?
:
: On Mon, Jul 21, 2008 at 10:52 AM, Mischa Uppelschoten ext 10
: <[EMAIL PROTECTED]> wrote:
: That is a really good question and I'm curious about the input from the group.
: Maybe use permissions on a webserver/file level? All legit requests would be
: coming from localhost/127.0.0.1/server's IP address, right?
: /m
:
: : But, what's the best way to give access to my valid
: : CFM pages with Ajax and prevent access by bad guys?
: :
: : Thanks for any ideas!
: :
: : Clarke
: :
: : -------------------------------------------------------------
: : To unsubscribe from this list, manage your profile @
: : http://www.acfug.org?fa=login.edituserform
: :
: : For more info, see http://www.acfug.org/mailinglists
: : Archive @ http://www.mail-archive.com/discussion%40acfug.org/
: : List hosted by http://www.fusionlink.com
: : -------------------------------------------------------------
:
: Mischa Uppelschoten
: The Banker's Exchange, LLC.
: 4200 Highlands Parkway SE
: Suite A
: Smyrna, GA 30082-5198
:
: Phone: (404) 605-0100 ext. 10
: Fax: (404) 355-7930
: Web: www.BankersX.com
: Follow this link for Instant Web Chat:
: http://www.bankersx.com/Contact/chat.cfm?Queue=MUPPELSCHOTEN
:
: ---------- Original Message ----------
:
: FROM: "Clarke Bishop" <[EMAIL PROTECTED]>
: TO: <discussion@acfug.org>
: DATE: Mon, 21 Jul 2008 10:46:09 -0400
:
: SUBJECT: [ACFUG Discuss] Securing CFCs
:
: I have one remaining problem to solve in my adventure with CF/Ajax. The CFCs
: have to have access="remote".
:
: But, this means anyone can access the methods. What I built is a
: master/detail, CRUD thing for administering users. So, I obviously don't
: want some unauthorized person deleting my users or adding new ones.
:
: Normally, I've used access="public" before which wouldn't let an outside
: user get to the methods. But, what's the best way to give access to my valid
: CFM pages with Ajax and prevent access by bad guys?
:
: Thanks for any ideas!
:
: Clarke
:
: --
: Howard Fore, [EMAIL PROTECTED]
: "The universe tends toward maximum irony. Don't push it." - Jeff Atwood

Mischa Uppelschoten
The Banker's Exchange, LLC.
4200 Highlands Parkway SE
Suite A
Smyrna, GA 30082-5198

Phone: (404) 605-0100 ext. 10
Fax: (404) 355-7930
Web: www.BankersX.com
Follow this link for Instant Web Chat:
http://www.bankersx.com/Contact/chat.cfm?Queue=MUPPELSCHOTEN

----------------------- Original Message -----------------------
From: "Howard Fore" <[EMAIL PROTECTED]>
Date: Mon, 21 Jul 2008 11:23:31 -0400
Subject: Re: [ACFUG Discuss] Securing CFCs

Wouldn't AJAX requests be coming from the user's web browser IP?

On Mon, Jul 21, 2008 at 10:52 AM, Mischa Uppelschoten ext 10 <[EMAIL PROTECTED]> wrote:

: That is a really good question and I'm curious about the input from the group.
: Maybe use permissions on a webserver/file level? All legit requests would be
: coming from localhost/127.0.0.1/server's IP address, right?

--
Howard Fore, [EMAIL PROTECTED]
"The universe tends toward maximum irony. Don't push it." - Jeff Atwood