" Anyone who is compiling Flex applications with a local services- config.xml can control whether THEY want to access MY remote or public methods... that can't be right."
no, it's not- the settings that are in the file you use to compile against are not hard-wired into the compiled app, if your server file has settings that say not to allow execution of public methods, that's what happens, regardless of the services-config.xml that was used in compiling. That's how i understand it to work anyway- anybody who knows different feel free to correct me. what seems to be important though is the 'path' to the services-config file used in your compiler arguments. it looks at that path on the server to see where the services-config file is, then whatever you have set in <method-access-level> is what is used. i don't even have CF installed on my development box, only a copy of services-config.xml in the same path as it is on the server, so that when i compile and send it to the server it all works. i agree that it's confusing and there must be a better way or some much better documentation for how all that stuff works. On 10/29/07, geoffreymina <[EMAIL PROTECTED]> wrote: > > OK, I am not using FDS or CFMX8 so I guess the config is all done in > the services-config.xml file. The problem I have with that is the > fact that we are talking about a client side compiler file which is > supposed to control server side security... seems like an extremely > flawed model! > > Anyone who is compiling Flex applications with a local services- > config.xml can control whether THEY want to access MY remote or > public methods... that can't be right. The crossdomain.xml is > certainly not a solution because of the ability to spoof DNS... > > So basically what this comes down to is that if I want to run my > Flex2Gateway, every public method on my system is exposed to the > world. Or am I missing something much larger... > > Thanks, > Geoff > > --- In [email protected] <flexcoders%40yahoogroups.com>, "Derrick > Anderson" > <[EMAIL PROTECTED]> wrote: > > > > services-config.xml is the right file, i think remoting-config is > for when > > using LCDS but i'm not really sure on that, look for > > > > <method-access-level>remote</method-access-level> > > > > in your destination definition. > > > > On 10/26/07, geoffreymina <[EMAIL PROTECTED]> wrote: > > > > > > Thanks for the answer. I only have the services-config.xml > where is > > > the remoting-config.xml file? Is this server side, or client side? > > > > > > Thanks, > > > Geoff > > > > > > --- In [email protected] > > > <flexcoders%40yahoogroups.com><flexcoders%40yahoogroups.com>, > > João > > > Fernandes > > > <joaopedromartinsfernandes@> wrote: > > > > > > > > by default you can only invoke remote functions, not public > ones. To > > > > allow public functions to be called from a flex front-end you > need to > > > > change de configuration of the ColdFusion destination. > > > > Check the remoting-config.xml if you have the method-access- > level > > > > property set to remote. To allow both public and remote this > value is > > > > set to 'public and remote'. > > > > -- > > > > > > > > João Fernandes > > > > > > > > http://www.onflexwithcf.org > > > > http://www.riapt.org > > > > > > > > > > > > > > > > > >
