Our flex application is using <mx:WebService> where the web service is a ColdFusion CFC. Works great. Now we need to deploy the application and the web service in a production environment across SSL, and ensure that not just any application can call that web service.
With Flex calling the ColdFusion web service, we cannot hold the credentials in a session scope because there isn't one for a web service. (?) How do we make sure no unauthorized consumers succeed in getting data back from our web service calls? Are we going to have to pass credentials to the web service on every call?
