OK, I have come across something that I find VERY disturbing. It appears that the Flex2Gateway can invoke any access="remote" or access="public" CFFunction.
I have developed a very large OO application for use with a Flex front end. My gateway components are all declared with remote access functions but their roles are properly set to NOT allow unauthorized access. The model objects all have their methods declared public with no roles defined... because, well, i assumed they couldn't be invoked directly from the web. Does anyone know if it is possible to change the scope of what the Flex2Gateway will allow access to? Perhaps I am off base here... maybe there is some higher level security which I am missing. Thanks, Geoff
