I thought....
That the Application.cfm will only run if you request a cfm page
unless you configure your server differently
For a while I do seem to remember that swfs were somehow processed w/
CF, but I thought that was related to Flash Forms which were built in
Flex 1.5; but I'm unclear if that would affect a swf you create on your
own. I'm unsure what the default extensions on the web server that maps
to CF (cfm, cfml, and cfc)
Muzak wrote:
> If people load the SWF directly, wouldn't that bypass any of the
> security mechanisms you are implementing in your CF code?
> "http://www.myserver.com/Myswf.swf
<http://www.myserver.com/Myswf.swf>" will never load any CF code and
> will therefore never validate the users login credentials. [right?]
Not if you have an Application.cfm (or cfc) that checks credentials
(and/or maybe even redirects when the swf is being referenced
directly - if that is possible).
----- Original Message -----
From: "Jeffry Houser" <[email protected] <mailto:jeff%40dot-com-it.com>>
To: <[email protected] <mailto:flexcoders%40yahoogroups.com>>
Sent: Tuesday, September 29, 2009 12:16 AM
Subject: Re: [flexcoders] flex on a cfm page
>
> If people load the SWF directly, wouldn't that bypass any of the
> security mechanisms you are implementing in your CF code?
> "http://www.myserver.com/Myswf.swf
<http://www.myserver.com/Myswf.swf>" will never load any CF code and
> will therefore never validate the users login credentials. [right?]
>
> It may not matter for your app, but if it does you'll want to have SWF
> code that validates against your CF based security login. This code
> could be "headless"; just pinging the server and seeing if the user is
> logged in via some session variable.
>
> As long as the SWF and CFM page are served from the same domain / CF
> Server, a CFC called from the SWF should have no trouble accessing CF
> session variables.
>
>
> Jake Churchill wrote:
>>
>>
>> I do it all the time and yes, just password protect the CFM template
>> and the server will protect your SWF. If you are being SUPER secure,
>> you might want to code a login form for both or share sessions or
>> something like that but in general, this is fine.
>>
>>
>>
>> Jake Churchill
>> CF Webtools
>> 11204 Davenport, Ste. 100
>> Omaha, NE 68154
>> http://www.cfwebtools.com <http://www.cfwebtools.com>
<http://www.cfwebtools.com <http://www.cfwebtools.com>>
>> 402-408-3733 x103
>>
>> *From:* [email protected]
<mailto:flexcoders%40yahoogroups.com>
[mailto:[email protected] <mailto:flexcoders%40yahoogroups.com>]
>> *On Behalf Of *nstokes142
>> *Sent:* Monday, September 28, 2009 1:08 PM
>> *To:* [email protected] <mailto:flexcoders%40yahoogroups.com>
>> *Subject:* [flexcoders] flex on a cfm page
>>
>>
>>
>>
>>
>> I am sure that this is so basic a question that I am almost embaressed
>> to ask but here goes . .
>> I have a site I have built with Coldfusion. The site is password
>> protected and uses a cfm routine to grant access to the site.
>> I want to add a flex app on this site. I want this app to be password
>> protected like the other pages on the site but
>>
>> I dont want to code a seperate log in for the flex app. Is it kosher
>> to wrap the flex app in a cfm wrapper instead of the default html
>> wrapper that the flex page lives on? How would you guys handle this
>> sort of scenario?
>> (Where the flex app is not the main app on a site)
>>
>> No virus found in this incoming message.
>> Checked by AVG - www.avg.com
>> Version: 8.5.409 / Virus Database: 270.13.113/2400 - Release Date:
>> 09/28/09 05:51:00
>>
>>
>
--
Jeffry Houser, Technical Entrepreneur
Adobe Community Expert: http://tinyurl.com/684b5h
http://www.twitter.com/reboog711 | Phone: 203-379-0773
--
Easy to use Interface Components for Flex Developers
http://www.flextras.com?c=104
--
http://www.theflexshow.com
http://www.jeffryhouser.com
--
Part of the DotComIt Brain Trust
