Re: How secure is RDS
Dreamweaver aso needs RDS for a lot of its features, but RDS is not supposedly to be installe don production servers. If you run CF enterprise, then you can sandbox RDS access and give each user their own login and limit what folders they have access to. This is what I do on cfmldeveloper.com to allow developers to use RDS. On Wed, Mar 2, 2011 at 4:17 PM, Dave Watts wrote: > > > Way back in the day I was told RDS was horribly insecure and I wrote it > > off and never looked back. > > Neither RDS nor the CF Administrator should be exposed to untrusted > clients. They're both password protected with no auditing of failed > authentication events. > > Dave Watts, CTO, Fig Leaf Software > http://www.figleaf.com/ > http://training.figleaf.com/ > > Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on > GSA Schedule, and provides the highest caliber vendor-authorized > instruction at our training centers, online, or onsite. > > ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:342679 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: How secure is RDS
> Way back in the day I was told RDS was horribly insecure and I wrote it > off and never looked back. Neither RDS nor the CF Administrator should be exposed to untrusted clients. They're both password protected with no auditing of failed authentication events. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:342678 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: How secure is RDS
> Now I did mention that Flex says it REQUIRES RDS to be enabled in order > to use Flex data services. This is only required to use the wizards in Flash Builder, just like you need RDS to do things in CF Builder. Once your code is written, you can deploy it to servers without RDS enabled. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:342677 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: How secure is RDS
Most of my apps use multiple clients. I many times have a serviceProxy and remotingProxy. At a real basic level the remotingProxy mirrors whatever I need in the serviceProxy as remote methods. The service layer can be RESTful (put/get/post/delete), as Andrew suggested, or can be regular methods depending ont he needs of your application. What the blog post shows I how to package up your data using data transfer objects. Nic On 2/28/11 8:49 PM, "Bryan Stevenson" wrote: > >and it was the "accessor" stuff that lost me ;-) > >In simple terms are you talking about a single CFC that all other CFC >calls pass-through? I've heard that called a "facade", but whatever you >call it, it is a way of not requiring all CFCs to be of accessType >remote when using AJAX_CFC for example (at least that's what I do). > >The idea is that you pass the component and method name you want to call >and all other args are passed as part of the arg collection to the >target CFC. > >Any real code samples you know of? > >TIA > >Cheers > >On Mon, 2011-02-28 at 20:34 -0500, Nicholas Tunney wrote: > >> The article is about CF 9 ORM, but the pattern remains the same. The >>ORM >> methods are generated in cf9, but in CF8 your objects would probably >>still >> have the same accessor methods. >> >> Nic >> >> On 2/28/11 8:01 PM, "Bryan Stevenson" >> wrote: >> >> > >> >Oopsone last thing for now I think Nic >> > >> >The article seems to perhaps be more about CF 9 and ORM than Flex and >> >CFis that a safe assumption? >> > >> >I'm asking because I'm stuck on CF 8 for the time being and hoping to >> >avoid confusion between what I'm trying to do and what CF 9 can do ;-) >> > >> >Cheers >> >-- >> > >> > >> >Bryan Stevenson B.Comm. >> >VP & Director of E-Commerce Development >> >Electric Edge Systems Group Inc. >> >phone: 250.480.0642 >> >fax: 250.480.1264 >> >cell: 250.920.8830 >> >e-mail: br...@electricedgesystems.com >> >web: www.electricedgesystems.com >> > >> >Notice: >> >This message, including any attachments, is confidential and may >>contain >> >information that is privileged or exempt from disclosure. It is >>intended >> >only for the person to whom it is addressed unless expressly authorized >> >otherwise by the sender. If you are not an authorized recipient, please >> >notify the sender immediately and permanently destroy all copies of >>this >> >message and attachments. >> >Please consider the environment before printing this e-mail >> > >> > >> > >> > >> >> > > ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:342628 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: How secure is RDS
That is one way, but a façade and/or proxy is not always the best either. Depending on one's needs an API behind a RESTful service, offers far more security and other benefits. Regards, Andrew Scott http://www.andyscott.id.au/ > -Original Message- > From: Bryan Stevenson [mailto:br...@electricedgesystems.com] > Sent: Tuesday, 1 March 2011 12:50 PM > To: cf-talk > Subject: Re: How secure is RDS > > > and it was the "accessor" stuff that lost me ;-) > > In simple terms are you talking about a single CFC that all other CFC calls pass- > through? I've heard that called a "facade", but whatever you call it, it is a way > of not requiring all CFCs to be of accessType remote when using AJAX_CFC > for example (at least that's what I do). > > The idea is that you pass the component and method name you want to call > and all other args are passed as part of the arg collection to the target CFC. > > Any real code samples you know of? > > TIA > > Cheers > ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:342627 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: How secure is RDS
and it was the "accessor" stuff that lost me ;-) In simple terms are you talking about a single CFC that all other CFC calls pass-through? I've heard that called a "facade", but whatever you call it, it is a way of not requiring all CFCs to be of accessType remote when using AJAX_CFC for example (at least that's what I do). The idea is that you pass the component and method name you want to call and all other args are passed as part of the arg collection to the target CFC. Any real code samples you know of? TIA Cheers On Mon, 2011-02-28 at 20:34 -0500, Nicholas Tunney wrote: > The article is about CF 9 ORM, but the pattern remains the same. The ORM > methods are generated in cf9, but in CF8 your objects would probably still > have the same accessor methods. > > Nic > > On 2/28/11 8:01 PM, "Bryan Stevenson" > wrote: > > > > >Oopsone last thing for now I think Nic > > > >The article seems to perhaps be more about CF 9 and ORM than Flex and > >CFis that a safe assumption? > > > >I'm asking because I'm stuck on CF 8 for the time being and hoping to > >avoid confusion between what I'm trying to do and what CF 9 can do ;-) > > > >Cheers > >-- > > > > > >Bryan Stevenson B.Comm. > >VP & Director of E-Commerce Development > >Electric Edge Systems Group Inc. > >phone: 250.480.0642 > >fax: 250.480.1264 > >cell: 250.920.8830 > >e-mail: br...@electricedgesystems.com > >web: www.electricedgesystems.com > > > >Notice: > >This message, including any attachments, is confidential and may contain > >information that is privileged or exempt from disclosure. It is intended > >only for the person to whom it is addressed unless expressly authorized > >otherwise by the sender. If you are not an authorized recipient, please > >notify the sender immediately and permanently destroy all copies of this > >message and attachments. > >Please consider the environment before printing this e-mail > > > > > > > > > > ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:342626 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: How secure is RDS
The article is about CF 9 ORM, but the pattern remains the same. The ORM methods are generated in cf9, but in CF8 your objects would probably still have the same accessor methods. Nic On 2/28/11 8:01 PM, "Bryan Stevenson" wrote: > >Oopsone last thing for now I think Nic > >The article seems to perhaps be more about CF 9 and ORM than Flex and >CFis that a safe assumption? > >I'm asking because I'm stuck on CF 8 for the time being and hoping to >avoid confusion between what I'm trying to do and what CF 9 can do ;-) > >Cheers >-- > > >Bryan Stevenson B.Comm. >VP & Director of E-Commerce Development >Electric Edge Systems Group Inc. >phone: 250.480.0642 >fax: 250.480.1264 >cell: 250.920.8830 >e-mail: br...@electricedgesystems.com >web: www.electricedgesystems.com > >Notice: >This message, including any attachments, is confidential and may contain >information that is privileged or exempt from disclosure. It is intended >only for the person to whom it is addressed unless expressly authorized >otherwise by the sender. If you are not an authorized recipient, please >notify the sender immediately and permanently destroy all copies of this >message and attachments. >Please consider the environment before printing this e-mail > > > > ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:342625 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: How secure is RDS
Oopsone last thing for now I think Nic The article seems to perhaps be more about CF 9 and ORM than Flex and CFis that a safe assumption? I'm asking because I'm stuck on CF 8 for the time being and hoping to avoid confusion between what I'm trying to do and what CF 9 can do ;-) Cheers -- Bryan Stevenson B.Comm. VP & Director of E-Commerce Development Electric Edge Systems Group Inc. phone: 250.480.0642 fax: 250.480.1264 cell: 250.920.8830 e-mail: br...@electricedgesystems.com web: www.electricedgesystems.com Notice: This message, including any attachments, is confidential and may contain information that is privileged or exempt from disclosure. It is intended only for the person to whom it is addressed unless expressly authorized otherwise by the sender. If you are not an authorized recipient, please notify the sender immediately and permanently destroy all copies of this message and attachments. Please consider the environment before printing this e-mail ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:342624 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: How secure is RDS
Thanks NicI'll do my reading!! ;-) On Mon, 2011-02-28 at 19:52 -0500, Nicholas Tunney wrote: > Check out my other reply. For the CF side of things you should be good to > go. In Flex the wizard should help you point ot your services-config, but > I;ve seen Flash Builder mess that up. Let us know if you have issues. > Also, make sure you can hit http://yourdomain.com/flex2gateway in a > browser (should return a blank page) to ensure remoting is properly > configured. > > Nic > > On 2/28/11 7:43 PM, "Bryan Stevenson" > wrote: > > > > >Thanks Nic et al > > > >I think the confusion was all mineand glad that's all it was as > >having to use RDS in PROD (as I thought was the case) would have been > >brutalamen!! > > > >Nicif I need more than to set CFC accesstype to "remote" and setup > >the data services in Flex via the wizard, please fill in the blanks for > >meif not...I think I'm done > > > >back under my rock I go ;-) > > > >Cheers > > > >On Mon, 2011-02-28 at 19:21 -0500, nic.tun...@nictunney.com wrote: > > > >> I'll check the link when I am home, but I use flash remoting all the > >>time which uses blaze ds under the hood. You should never install rds > >>in production. > >> > >> Sent from my Verizon Wireless Phone > >> > >> - Reply message - > >> From: "Andrew Scott" > >> Date: Mon, Feb 28, 2011 7:08 pm > >> Subject: How secure is RDS > >> To: "cf-talk" > >> > >> > >> I don't see any where that it mentions using RDS to communicate with > >> Flex<->ColdFusion. > >> > >> I am no expert in Flash/Flex development but I am under the impression > >>the > >> Flash Remoting on ColdFusion is the way Flash talks to ColdFusion, > >>however > >> in development the Flash Builder might require RDS to do Flash > >>development. > >> > >> Regards, > >> Andrew Scott > >> http://www.andyscott.id.au/ > >> > >> > >> > -Original Message- > >> > From: Bryan Stevenson [mailto:br...@electricedgesystems.com] > >> > Sent: Tuesday, 1 March 2011 11:03 AM > >> > To: cf-talk > >> > Subject: Re: How secure is RDS > >> > > >> > > >> > OK then Nic/Mark > >> > > >> > > >>http://www.adobe.com/devnet/flex/articles/fcf_ataglance_flex_coldfusion. > >> > html > >> > > >> > Seems to contradict you guys > >> > > >> > I'd love a non-webservice and non-RDS enabled solution, but Adobe > >>seems > >> > to think RDS is the way?? I am in no way wanting to use RDS and not > >> > disagreeing with anyone's comments about its insecurty. > >> > > >> > ...and please"it doesn't" is not a solution. Nic, if you know it > >> doesn'tcan > >> > you provide the method of using CFCs in Flex that works for you? > >> > > >> > Thanks in advance > >> > > >> > Cheers > >> > > >> > >> > >> > >> > >> > > > > > > ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:342623 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: How secure is RDS
Check out my other reply. For the CF side of things you should be good to go. In Flex the wizard should help you point ot your services-config, but I;ve seen Flash Builder mess that up. Let us know if you have issues. Also, make sure you can hit http://yourdomain.com/flex2gateway in a browser (should return a blank page) to ensure remoting is properly configured. Nic On 2/28/11 7:43 PM, "Bryan Stevenson" wrote: > >Thanks Nic et al > >I think the confusion was all mineand glad that's all it was as >having to use RDS in PROD (as I thought was the case) would have been >brutalamen!! > >Nicif I need more than to set CFC accesstype to "remote" and setup >the data services in Flex via the wizard, please fill in the blanks for >meif not...I think I'm done > >back under my rock I go ;-) > >Cheers > >On Mon, 2011-02-28 at 19:21 -0500, nic.tun...@nictunney.com wrote: > >> I'll check the link when I am home, but I use flash remoting all the >>time which uses blaze ds under the hood. You should never install rds >>in production. >> >> Sent from my Verizon Wireless Phone >> >> - Reply message - >> From: "Andrew Scott" >> Date: Mon, Feb 28, 2011 7:08 pm >> Subject: How secure is RDS >> To: "cf-talk" >> >> >> I don't see any where that it mentions using RDS to communicate with >> Flex<->ColdFusion. >> >> I am no expert in Flash/Flex development but I am under the impression >>the >> Flash Remoting on ColdFusion is the way Flash talks to ColdFusion, >>however >> in development the Flash Builder might require RDS to do Flash >>development. >> >> Regards, >> Andrew Scott >> http://www.andyscott.id.au/ >> >> >> > -Original Message- >> > From: Bryan Stevenson [mailto:br...@electricedgesystems.com] >> > Sent: Tuesday, 1 March 2011 11:03 AM >> > To: cf-talk >> > Subject: Re: How secure is RDS >> > >> > >> > OK then Nic/Mark >> > >> > >>http://www.adobe.com/devnet/flex/articles/fcf_ataglance_flex_coldfusion. >> > html >> > >> > Seems to contradict you guys >> > >> > I'd love a non-webservice and non-RDS enabled solution, but Adobe >>seems >> > to think RDS is the way?? I am in no way wanting to use RDS and not >> > disagreeing with anyone's comments about its insecurty. >> > >> > ...and please"it doesn't" is not a solution. Nic, if you know it >> doesn'tcan >> > you provide the method of using CFCs in Flex that works for you? >> > >> > Thanks in advance >> > >> > Cheers >> > >> >> >> >> >> > > ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:342622 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: How secure is RDS
I don't see anything about RDS in that article. The only thing I can think of if you saw it somewhere else is that RDS can be used to generate CFCs, but still, do this in dev only. You have several options for hitting CFC via remoting, including RTMP and AMF. There are lots of good articles out there on configuring endpoints in your services config. As for creating the objects in CF and making them available to Flex, here's one from a fellow I quite trust: http://blog.nictunney.com/2010/10/using-coldfusion-orm-with-flash.html -Nic On 2/28/11 7:21 PM, "nic.tun...@nictunney.com" wrote: > >I'll check the link when I am home, but I use flash remoting all the time >which uses blaze ds under the hood. You should never install rds in >production. > >Sent from my Verizon Wireless Phone > >- Reply message - >From: "Andrew Scott" >Date: Mon, Feb 28, 2011 7:08 pm >Subject: How secure is RDS >To: "cf-talk" > > >I don't see any where that it mentions using RDS to communicate with >Flex<->ColdFusion. > >I am no expert in Flash/Flex development but I am under the impression the >Flash Remoting on ColdFusion is the way Flash talks to ColdFusion, however >in development the Flash Builder might require RDS to do Flash >development. > >Regards, >Andrew Scott >http://www.andyscott.id.au/ > > >> -Original Message----- >> From: Bryan Stevenson [mailto:br...@electricedgesystems.com] >> Sent: Tuesday, 1 March 2011 11:03 AM >> To: cf-talk >> Subject: Re: How secure is RDS >> >> >> OK then Nic/Mark >> >> http://www.adobe.com/devnet/flex/articles/fcf_ataglance_flex_coldfusion. >> html >> >> Seems to contradict you guys >> >> I'd love a non-webservice and non-RDS enabled solution, but Adobe seems >> to think RDS is the way?? I am in no way wanting to use RDS and not >> disagreeing with anyone's comments about its insecurty. >> >> ...and please"it doesn't" is not a solution. Nic, if you know it >doesn'tcan >> you provide the method of using CFCs in Flex that works for you? >> >> Thanks in advance >> >> Cheers >> > > > > > ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:342621 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: How secure is RDS
Thanks Nic et al I think the confusion was all mineand glad that's all it was as having to use RDS in PROD (as I thought was the case) would have been brutalamen!! Nicif I need more than to set CFC accesstype to "remote" and setup the data services in Flex via the wizard, please fill in the blanks for meif not...I think I'm done back under my rock I go ;-) Cheers On Mon, 2011-02-28 at 19:21 -0500, nic.tun...@nictunney.com wrote: > I'll check the link when I am home, but I use flash remoting all the time > which uses blaze ds under the hood. You should never install rds in > production. > > Sent from my Verizon Wireless Phone > > - Reply message - > From: "Andrew Scott" > Date: Mon, Feb 28, 2011 7:08 pm > Subject: How secure is RDS > To: "cf-talk" > > > I don't see any where that it mentions using RDS to communicate with > Flex<->ColdFusion. > > I am no expert in Flash/Flex development but I am under the impression the > Flash Remoting on ColdFusion is the way Flash talks to ColdFusion, however > in development the Flash Builder might require RDS to do Flash development. > > Regards, > Andrew Scott > http://www.andyscott.id.au/ > > > > -Original Message- > > From: Bryan Stevenson [mailto:br...@electricedgesystems.com] > > Sent: Tuesday, 1 March 2011 11:03 AM > > To: cf-talk > > Subject: Re: How secure is RDS > > > > > > OK then Nic/Mark > > > > http://www.adobe.com/devnet/flex/articles/fcf_ataglance_flex_coldfusion. > > html > > > > Seems to contradict you guys > > > > I'd love a non-webservice and non-RDS enabled solution, but Adobe seems > > to think RDS is the way?? I am in no way wanting to use RDS and not > > disagreeing with anyone's comments about its insecurty. > > > > ...and please"it doesn't" is not a solution. Nic, if you know it > doesn'tcan > > you provide the method of using CFCs in Flex that works for you? > > > > Thanks in advance > > > > Cheers > > > > > > > ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:342620 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: How secure is RDS
I'll check the link when I am home, but I use flash remoting all the time which uses blaze ds under the hood. You should never install rds in production. Sent from my Verizon Wireless Phone - Reply message - From: "Andrew Scott" Date: Mon, Feb 28, 2011 7:08 pm Subject: How secure is RDS To: "cf-talk" I don't see any where that it mentions using RDS to communicate with Flex<->ColdFusion. I am no expert in Flash/Flex development but I am under the impression the Flash Remoting on ColdFusion is the way Flash talks to ColdFusion, however in development the Flash Builder might require RDS to do Flash development. Regards, Andrew Scott http://www.andyscott.id.au/ > -Original Message- > From: Bryan Stevenson [mailto:br...@electricedgesystems.com] > Sent: Tuesday, 1 March 2011 11:03 AM > To: cf-talk > Subject: Re: How secure is RDS > > > OK then Nic/Mark > > http://www.adobe.com/devnet/flex/articles/fcf_ataglance_flex_coldfusion. > html > > Seems to contradict you guys > > I'd love a non-webservice and non-RDS enabled solution, but Adobe seems > to think RDS is the way?? I am in no way wanting to use RDS and not > disagreeing with anyone's comments about its insecurty. > > ...and please"it doesn't" is not a solution. Nic, if you know it doesn'tcan > you provide the method of using CFCs in Flex that works for you? > > Thanks in advance > > Cheers > ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:342619 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: How secure is RDS
On Mon, Feb 28, 2011 at 7:02 PM, Bryan Stevenson < br...@electricedgesystems.com> wrote: > > OK then Nic/Mark > > > http://www.adobe.com/devnet/flex/articles/fcf_ataglance_flex_coldfusion.html > > Seems to contradict you guys > > I'd love a non-webservice and non-RDS enabled solution, but Adobe seems > to think RDS is the way?? I am in no way wanting to use RDS and not > disagreeing with anyone's comments about its insecurty. > > ...and please"it doesn't" is not a solution. Nic, if you know it > doesn'tcan you provide the method of using CFCs in Flex that works > for you? > > Thanks in advance > > Cheers > > No, it's saying if you use Flash Bulder, you should have a server setup with RDS so you can develop, this is 99% of the time a local coldfusion install with RDS. Figure 1. Using CFCs in Flex application development 1. First, you create the CFC function and set its access property to remote. Then you use the Flash Builder Data Services wizard to connect to the CFC. 2. The wizard actually goes out, retrieves the CFC, etc.. For wizards to work, you would need RDS accessible form somewhere (localhost) but the end result is still a ColdFusion Component set to Access Remote. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:342618 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: How secure is RDS
I don't see any where that it mentions using RDS to communicate with Flex<->ColdFusion. I am no expert in Flash/Flex development but I am under the impression the Flash Remoting on ColdFusion is the way Flash talks to ColdFusion, however in development the Flash Builder might require RDS to do Flash development. Regards, Andrew Scott http://www.andyscott.id.au/ > -Original Message- > From: Bryan Stevenson [mailto:br...@electricedgesystems.com] > Sent: Tuesday, 1 March 2011 11:03 AM > To: cf-talk > Subject: Re: How secure is RDS > > > OK then Nic/Mark > > http://www.adobe.com/devnet/flex/articles/fcf_ataglance_flex_coldfusion. > html > > Seems to contradict you guys > > I'd love a non-webservice and non-RDS enabled solution, but Adobe seems > to think RDS is the way?? I am in no way wanting to use RDS and not > disagreeing with anyone's comments about its insecurty. > > ...and please"it doesn't" is not a solution. Nic, if you know it doesn'tcan > you provide the method of using CFCs in Flex that works for you? > > Thanks in advance > > Cheers > ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:342616 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: How secure is RDS
...and I've re-read the link I just posted and I may be confused about the role of RDS in all this. It may only be required for CFC introspection in Flex Builder 4. I may very well have confused a bunch of articles that said RDS had to be enabled.then landed on the Adobe page thinking I'd landed there from one of the articles saying I needed RDS.sorry for the confusion (although it was probably worse for me...hehe). So Nic.would you say you just point Flex Builder to your CFC location and it sucks in the pertinent details and allows you to set it up as a Flex Data Service? TIA Cheers On Mon, 2011-02-28 at 16:02 -0800, Bryan Stevenson wrote: > OK then Nic/Mark > > http://www.adobe.com/devnet/flex/articles/fcf_ataglance_flex_coldfusion.html > > Seems to contradict you guys > > I'd love a non-webservice and non-RDS enabled solution, but Adobe seems > to think RDS is the way?? I am in no way wanting to use RDS and not > disagreeing with anyone's comments about its insecurty. > > ...and please"it doesn't" is not a solution. Nic, if you know it > doesn'tcan you provide the method of using CFCs in Flex that works > for you? > > Thanks in advance > > Cheers > > On Mon, 2011-02-28 at 18:42 -0500, nic.tun...@nictunney.com wrote: > > > It doesn't. > > > > Nic > > > > Sent from my Verizon Wireless Phone > > > > - Reply message - > > From: "Mark Mandel" > > Date: Mon, Feb 28, 2011 6:27 pm > > Subject: How secure is RDS > > To: "cf-talk" > > > > > > I'm no Flex guru by any stretch, but I've never heard this one before (and > > find it kinda hard to believe?) > > > > Can anyone who has more Flex experience confirm this? > > > > Mark > > > > On Tue, Mar 1, 2011 at 7:25 AM, Bryan Stevenson < > > br...@electricedgesystems.com> wrote: > > > > > Now I did mention that Flex says it REQUIRES RDS to be enabled in order > > > to use Flex data services. > > > > > > > > > > > -- Bryan Stevenson B.Comm. VP & Director of E-Commerce Development Electric Edge Systems Group Inc. phone: 250.480.0642 fax: 250.480.1264 cell: 250.920.8830 e-mail: br...@electricedgesystems.com web: www.electricedgesystems.com Notice: This message, including any attachments, is confidential and may contain information that is privileged or exempt from disclosure. It is intended only for the person to whom it is addressed unless expressly authorized otherwise by the sender. If you are not an authorized recipient, please notify the sender immediately and permanently destroy all copies of this message and attachments. Please consider the environment before printing this e-mail ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:342615 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: How secure is RDS
OK then Nic/Mark http://www.adobe.com/devnet/flex/articles/fcf_ataglance_flex_coldfusion.html Seems to contradict you guys I'd love a non-webservice and non-RDS enabled solution, but Adobe seems to think RDS is the way?? I am in no way wanting to use RDS and not disagreeing with anyone's comments about its insecurty. ...and please"it doesn't" is not a solution. Nic, if you know it doesn'tcan you provide the method of using CFCs in Flex that works for you? Thanks in advance Cheers On Mon, 2011-02-28 at 18:42 -0500, nic.tun...@nictunney.com wrote: > It doesn't. > > Nic > > Sent from my Verizon Wireless Phone > > - Reply message - > From: "Mark Mandel" > Date: Mon, Feb 28, 2011 6:27 pm > Subject: How secure is RDS > To: "cf-talk" > > > I'm no Flex guru by any stretch, but I've never heard this one before (and > find it kinda hard to believe?) > > Can anyone who has more Flex experience confirm this? > > Mark > > On Tue, Mar 1, 2011 at 7:25 AM, Bryan Stevenson < > br...@electricedgesystems.com> wrote: > > > Now I did mention that Flex says it REQUIRES RDS to be enabled in order > > to use Flex data services. > > > > > -- Bryan Stevenson B.Comm. VP & Director of E-Commerce Development Electric Edge Systems Group Inc. phone: 250.480.0642 fax: 250.480.1264 cell: 250.920.8830 e-mail: br...@electricedgesystems.com web: www.electricedgesystems.com Notice: This message, including any attachments, is confidential and may contain information that is privileged or exempt from disclosure. It is intended only for the person to whom it is addressed unless expressly authorized otherwise by the sender. If you are not an authorized recipient, please notify the sender immediately and permanently destroy all copies of this message and attachments. Please consider the environment before printing this e-mail ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:342614 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: How secure is RDS
It doesn't. Nic Sent from my Verizon Wireless Phone - Reply message - From: "Mark Mandel" Date: Mon, Feb 28, 2011 6:27 pm Subject: How secure is RDS To: "cf-talk" I'm no Flex guru by any stretch, but I've never heard this one before (and find it kinda hard to believe?) Can anyone who has more Flex experience confirm this? Mark On Tue, Mar 1, 2011 at 7:25 AM, Bryan Stevenson < br...@electricedgesystems.com> wrote: > Now I did mention that Flex says it REQUIRES RDS to be enabled in order > to use Flex data services. > -- E: mark.man...@gmail.com T: http://www.twitter.com/neurotic W: www.compoundtheory.com cf.Objective(ANZ) - Nov 17, 18 - Melbourne Australia http://www.cfobjective.com.au Hands-on ColdFusion ORM Training www.ColdFusionOrmTraining.com ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:342613 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: How secure is RDS
I'm no Flex guru by any stretch, but I've never heard this one before (and find it kinda hard to believe?) Can anyone who has more Flex experience confirm this? Mark On Tue, Mar 1, 2011 at 7:25 AM, Bryan Stevenson < br...@electricedgesystems.com> wrote: > Now I did mention that Flex says it REQUIRES RDS to be enabled in order > to use Flex data services. > -- E: mark.man...@gmail.com T: http://www.twitter.com/neurotic W: www.compoundtheory.com cf.Objective(ANZ) - Nov 17, 18 - Melbourne Australia http://www.cfobjective.com.au Hands-on ColdFusion ORM Training www.ColdFusionOrmTraining.com ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:342612 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: How secure is RDS
Thanks Ben/Matt! Now I did mention that Flex says it REQUIRES RDS to be enabled in order to use Flex data services. The only alternative I see is to call the CFCs as webservices instead of as a Flex data service. Calling local webservices would have a tonne of extra overhead.seems like the wrong way. Sorry for the cross-over to Flex, but I hoped there were some cross-over folks on-list. Cheers On Mon, 2011-02-28 at 14:58 -0500, Ben Forta wrote: > Short answer, how secure RDS is or isn't is really not the issue. What is > more important is that security fundamentals demand that you don't run > anything not completely necessary on production boxes. Your HTTP server is > necessary, remote access services (be it RDS or FTP or ...) are generally > not necessary and therefore should not be running. Now on a development box, > sure, go ahead, but on production boxes, nope, don't. > > --- Ben > > > > -Original Message- > From: Bryan Stevenson [mailto:br...@electricedgesystems.com] > Sent: Sunday, February 27, 2011 2:07 PM > To: cf-talk > Subject: How secure is RDS > > > let's try that again... ;-) > > Hi All, > > Way back in the day I was told RDS was horribly insecure and I wrote it off > and never looked back. > > Well now I'm into Flex and it uses RDS in order to use CF data services (or > I can use webservices). > > So how safe is having RDS enabled? Any good tutorials on setting it up > right? > > I have done some searching, but there is a lot of noise given the long life > of CF and the huge volume of old articles talking about RDS being insecure > ;-) > > TIA > > Cheers -- Bryan Stevenson B.Comm. VP & Director of E-Commerce Development Electric Edge Systems Group Inc. phone: 250.480.0642 fax: 250.480.1264 cell: 250.920.8830 e-mail: br...@electricedgesystems.com web: www.electricedgesystems.com Notice: This message, including any attachments, is confidential and may contain information that is privileged or exempt from disclosure. It is intended only for the person to whom it is addressed unless expressly authorized otherwise by the sender. If you are not an authorized recipient, please notify the sender immediately and permanently destroy all copies of this message and attachments. Please consider the environment before printing this e-mail ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:342610 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: How secure is RDS
Short answer, how secure RDS is or isn't is really not the issue. What is more important is that security fundamentals demand that you don't run anything not completely necessary on production boxes. Your HTTP server is necessary, remote access services (be it RDS or FTP or ...) are generally not necessary and therefore should not be running. Now on a development box, sure, go ahead, but on production boxes, nope, don't. --- Ben -Original Message- From: Bryan Stevenson [mailto:br...@electricedgesystems.com] Sent: Sunday, February 27, 2011 2:07 PM To: cf-talk Subject: How secure is RDS let's try that again... ;-) Hi All, Way back in the day I was told RDS was horribly insecure and I wrote it off and never looked back. Well now I'm into Flex and it uses RDS in order to use CF data services (or I can use webservices). So how safe is having RDS enabled? Any good tutorials on setting it up right? I have done some searching, but there is a lot of noise given the long life of CF and the huge volume of old articles talking about RDS being insecure ;-) TIA Cheers -- Bryan Stevenson B.Comm. VP & Director of E-Commerce Development Electric Edge Systems Group Inc. phone: 250.480.0642 fax: 250.480.1264 cell: 250.920.8830 e-mail: br...@electricedgesystems.com web: www.electricedgesystems.com Notice: This message, including any attachments, is confidential and may contain information that is privileged or exempt from disclosure. It is intended only for the person to whom it is addressed unless expressly authorized otherwise by the sender. If you are not an authorized recipient, please notify the sender immediately and permanently destroy all copies of this message and attachments. Please consider the environment before printing this e-mail ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:342609 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: How secure is RDS
RDS in production is still a no-no. :-) ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:342607 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm