Thank you Tom.
I'm just trying to use setRemoteCredentials("myUserName",
"myPassword"); method in each remote object call and check
usrename/password in my Application.cfc using <cflogin>. Is there any
problem with this?
Regards,
Jerry
--- In [email protected], Tom Chiverton <[EMAIL PROTECTED]>
wrote:
>
> On Thursday 07 Feb 2008, slash_n_rose wrote:
> > 1) Is there any security flaws in RemoteObject?
>
> I'm not aware of any.
>
> > to call my cfcs and need to secure my application without
> > session. Is it a better method to check a server generated GUID
> > in each call?.
>
> If your operations modify data, return confidential data or have
external
> effects, you should be doing some sort of token-based security on
every call,
> yes.
> And TLS.
> But it sounds like you know this.
>
> > 2) Is there any hack attacks reported against Flex applications
> > especially in remoting?
>
> I'm sure there are, or very shortly will be. It's just another bit
of an
> application, like a form or page with URL variables.
>
> --
> Tom Chiverton
> Helping to enthusiastically disintermediate 24/365 materials
> on: http://thefalken.livejournal.com
>
