What are the best
practices to secure coldfusion remoting services for Flex2?
On the flash/flex
side, we
haved configured the cross domain policy file on our server, so that only
swf served by our domain can call our services.
That's
fine.
But the problem
comes from coldfusion cfc "remote" access : it allows
(secured) flash/flex remoting calls, but also web services calls from any
client from anywhere.
Not very good for
security...
Is it
possible to allow only flex remote object calls on our
services?
That would solve the issue.
There was an old tip
for that (http://www.flash-remoting.com/notablog/home.cfm?newsid=24) but
it looks like it does not work with the ColdFusion 7.0.2 update and Flex remote
object calls.
Any
suggestions?
Benoit
Hediard
--
Flexcoders Mailing List
FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt
Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com
YAHOO! GROUPS LINKS
- Visit your group "flexcoders" on the web.
- To unsubscribe from this group, send an email to:
[EMAIL PROTECTED]
- Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.
