here's another possibilty: If you're using CF9 and the built in AJAX functionality you can use the "verifyClient" attribute of CFFUNCTION to attach a security token to each request. CF will look for the token, if it doesn't see it, the request will be denied
On Fri, Aug 13, 2010 at 2:17 PM, Andy Matthews <li...@commadelimited.com> wrote: > > I have a method that I'm exposing remotely. We'll be using AJAX calls to > insert usability stats about a new application. I'm working through the code > when I realize that since it's remote access, anyone from any site could post > to it and skew our results. > > I'm wondering what's the best way to prevent access to this URL from any > other site, or code. My first thought was to compare the current URL, dev1 > for example, to the URL the request was made from, or perhaps the IP address. > But I'm not sure how to get that information. > > Anyone have ideas? > > > > andy matthews > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336271 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm