Well my current [local] services-config.xml is set to allow "public" invocations and the file on my remote server contains the following:
[C:\CFusionMX7\wwwroot\WEB-INF\flex\services-config.xml] <method-access-level>remote</method-access-level> Now, all my Flex applications that I am compiling locally are able to access "public" methods on my remote server... is this not the instance of the file I should be configuring? If this is the file which is _supposed_ to control access, it certainly isn't doing a very good job. thanks, Geoff --- In [email protected], "Derrick Anderson" <[EMAIL PROTECTED]> wrote: > > " Anyone who is compiling Flex applications with a local services- > config.xml can control whether THEY want to access MY remote or > public methods... that can't be right." > > no, it's not- the settings that are in the file you use to compile against > are not hard-wired into the compiled app, if your server file has settings > that say not to allow execution of public methods, that's what happens, > regardless of the services-config.xml that was used in compiling. That's > how i understand it to work anyway- anybody who knows different feel free to > correct me. > > what seems to be important though is the 'path' to the services- config file > used in your compiler arguments. it looks at that path on the server to see > where the services-config file is, then whatever you have set in > <method-access-level> is what is used. > > i don't even have CF installed on my development box, only a copy of > services-config.xml in the same path as it is on the server, so that when i > compile and send it to the server it all works. > > i agree that it's confusing and there must be a better way or some much > better documentation for how all that stuff works. > > On 10/29/07, geoffreymina <[EMAIL PROTECTED]> wrote: > > > > OK, I am not using FDS or CFMX8 so I guess the config is all done in > > the services-config.xml file. The problem I have with that is the > > fact that we are talking about a client side compiler file which is > > supposed to control server side security... seems like an extremely > > flawed model! > > > > Anyone who is compiling Flex applications with a local services- > > config.xml can control whether THEY want to access MY remote or > > public methods... that can't be right. The crossdomain.xml is > > certainly not a solution because of the ability to spoof DNS... > > > > So basically what this comes down to is that if I want to run my > > Flex2Gateway, every public method on my system is exposed to the > > world. Or am I missing something much larger... > > > > Thanks, > > Geoff > > > > --- In [email protected] <flexcoders% 40yahoogroups.com>, "Derrick > > Anderson" > > <no.way.this.is.in.use@> wrote: > > > > > > services-config.xml is the right file, i think remoting-config is > > for when > > > using LCDS but i'm not really sure on that, look for > > > > > > <method-access-level>remote</method-access-level> > > > > > > in your destination definition. > > > > > > On 10/26/07, geoffreymina <geoffreymina@> wrote: > > > > > > > > Thanks for the answer. I only have the services-config.xml > > where is > > > > the remoting-config.xml file? Is this server side, or client side? > > > > > > > > Thanks, > > > > Geoff > > > > > > > > --- In [email protected] <flexcoders% 40yahoogroups.com><flexcoders%40yahoogroups.com>, > > > > João > > > > Fernandes > > > > <joaopedromartinsfernandes@> wrote: > > > > > > > > > > by default you can only invoke remote functions, not public > > ones. To > > > > > allow public functions to be called from a flex front-end you > > need to > > > > > change de configuration of the ColdFusion destination. > > > > > Check the remoting-config.xml if you have the method-access- > > level > > > > > property set to remote. To allow both public and remote this > > value is > > > > > set to 'public and remote'. > > > > > -- > > > > > > > > > > João Fernandes > > > > > > > > > > http://www.onflexwithcf.org > > > > > http://www.riapt.org > > > > > > > > > > > > > > > > > > > > > > > > > > >
