> If people load the SWF directly, wouldn't that bypass any of the > security mechanisms you are implementing in your CF code? > "http://www.myserver.com/Myswf.swf"; will never load any CF code and > will therefore never validate the users login credentials. [right?]
Not if you have an Application.cfm (or cfc) that checks credentials (and/or maybe even redirects when the swf is being referenced directly - if that is possible). ----- Original Message ----- From: "Jeffry Houser" <j...@dot-com-it.com> To: <flexcoders@yahoogroups.com> Sent: Tuesday, September 29, 2009 12:16 AM Subject: Re: [flexcoders] flex on a cfm page > > If people load the SWF directly, wouldn't that bypass any of the > security mechanisms you are implementing in your CF code? > "http://www.myserver.com/Myswf.swf"; will never load any CF code and > will therefore never validate the users login credentials. [right?] > > It may not matter for your app, but if it does you'll want to have SWF > code that validates against your CF based security login. This code > could be "headless"; just pinging the server and seeing if the user is > logged in via some session variable. > > As long as the SWF and CFM page are served from the same domain / CF > Server, a CFC called from the SWF should have no trouble accessing CF > session variables. > > > Jake Churchill wrote: >> >> >> I do it all the time and yes, just password protect the CFM template >> and the server will protect your SWF. If you are being SUPER secure, >> you might want to code a login form for both or share sessions or >> something like that but in general, this is fine. >> >> >> >> Jake Churchill >> CF Webtools >> 11204 Davenport, Ste. 100 >> Omaha, NE 68154 >> http://www.cfwebtools.com <http://www.cfwebtools.com> >> 402-408-3733 x103 >> >> *From:* flexcoders@yahoogroups.com [mailto:flexcod...@yahoogroups.com] >> *On Behalf Of *nstokes142 >> *Sent:* Monday, September 28, 2009 1:08 PM >> *To:* flexcoders@yahoogroups.com >> *Subject:* [flexcoders] flex on a cfm page >> >> >> >> >> >> I am sure that this is so basic a question that I am almost embaressed >> to ask but here goes . . >> I have a site I have built with Coldfusion. The site is password >> protected and uses a cfm routine to grant access to the site. >> I want to add a flex app on this site. I want this app to be password >> protected like the other pages on the site but >> >> I dont want to code a seperate log in for the flex app. Is it kosher >> to wrap the flex app in a cfm wrapper instead of the default html >> wrapper that the flex page lives on? How would you guys handle this >> sort of scenario? >> (Where the flex app is not the main app on a site) >> >> No virus found in this incoming message. >> Checked by AVG - www.avg.com >> Version: 8.5.409 / Virus Database: 270.13.113/2400 - Release Date: >> 09/28/09 05:51:00 >> >> >
