Hi all, I have a bunch of CFCs which I need to access in two ways: 1) there's a public API which users can invoke using an API key. They hit a cfm page which in turn invokes the CFC. The CFC is currently marked as public. 2) a Flex app also needs access to the same CFC. This access should be secured based on the current status of the session, ie the user needs to be authenticated. If the user is logged in they can use the CFC from the Flex app, otherwise they can't.
I have 1) pretty much figured out, but do not want to mark my CFC as remote to solve 2) since I do not want to it to be publicly viewable etc. I was therefore thinking of having a third CFC which is marked as remote and which facilitates invocation of the second CFC (the public one). The remote CFC could have role based access which would require a user to be logged in. Does this sound like a good strategy for securing my public CFC? (and note I use the term public in the sense of CF where it means that only other CFCs on the same server can invoke it) The main reason for this exercise is to avoid having to duplicate any app logic. I do not want to have one set of CFCs that are public, and another set that are remote, yet both to have the same logic contained within. Any advice appreciated. Regards, Stefan ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/flex/message.cfm/messageid:6025 Subscription: http://www.houseoffusion.com/groups/flex/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.37
