> I'm just concerned about the security aspect of my facade CFC methods? what can really happen in the real world with my "remote" CFC methods!...
My comment on this is that ANY application you write that has an interface to client software (be it Flash or HTML) exposes your "API" (be it by remote CFC calls, or by straight web calls) to the outside world. You have to ensure your information is secure and that the API can only be called by an "authorised" source. You can either use the CF authentication mechanism or build your own.

For the webservices that I have developed so far, the security has been of the "build your own" type. The calling application must call authentication routines to validate the user and then obtain a security "token" (which happens to be a GUID/UUID). These tokens are expired periodically. The concept is similar to the "session" concept but has some additional layers in it to make "hacking" a little more difficult. This token is then passed with every successive call to the server. This would be required by a Flash app, an HTML page, a C++ app, or anything else calling the web service.

While a Flash application can help protect your intellectual property by hiding the code for your user interface (albeit without reverse engineering), it doesn't really add anything to the "security" of your client/server model unless you build it in.

Your facade CFCs should enable some type of security for outside world access and only call your actual CFC methods if the facade is correctly authenticated.

Gary Menzel
Web Development Manager
IT Operations Brisbane
-+-
ABN AMRO Morgans Limited
Level 29, 123 Eagle Street
BRISBANE QLD 4000
PH: 07 333 44 828
FX: 07 3834 0828
----------------------------------------------------------
CFCDev is run by CFCZone (www.cfczone.org) and supported by Mindtool, Corporation (www.mindtool.com). An archive of the CFCDev list is available at www.mail-archive.com/[EMAIL PROTECTED]
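
The token scheme described in the message above, sketched as a facade CFC. This is an added example, not code from the original post or its author: the component, method and variable names, the 20-minute lifetime and the demo credentials are assumptions, and it assumes a named ColdFusion application so that the application scope is available.

```cfml
<!--- SecureFacade.cfc: added example, all names hypothetical --->
<cfcomponent output="false">
  <cfset variables.ttlMinutes = 20><!--- assumed token lifetime --->
  <!--- Step 1: the client authenticates once and receives a UUID token --->
  <cffunction name="login" access="remote" returntype="string" output="false">
    <cfargument name="username" type="string" required="true">
    <cfargument name="password" type="string" required="true">
    <cfset var token = "">
    <cfif NOT checkCredentials(arguments.username, arguments.password)>
      <cfthrow type="Facade.AuthFailed" message="Authentication failed">
    </cfif>
    <cfset token = CreateUUID()>
    <cflock scope="application" type="exclusive" timeout="5">
      <cfif NOT StructKeyExists(application, "tokens")><cfset application.tokens = StructNew()></cfif>
      <cfset application.tokens[token] = DateAdd("n", variables.ttlMinutes, Now())>
    </cflock>
    <cfreturn token>
  </cffunction>

  <!--- Step 2: every other remote method takes the token and checks it first --->
  <cffunction name="getReport" access="remote" returntype="string" output="false">
    <cfargument name="token" type="string" required="true">
    <cfset requireToken(arguments.token)>
    <cfreturn buildReport()>
  </cffunction>

  <!--- Throws unless the token is known and unexpired; expired tokens are purged --->
  <cffunction name="requireToken" access="private" returntype="void" output="false">
    <cfargument name="token" type="string" required="true">
    <cfset var ok = false>
    <cflock scope="application" type="exclusive" timeout="5">
      <cfif StructKeyExists(application, "tokens") AND StructKeyExists(application.tokens, arguments.token)>
        <cfif DateCompare(Now(), application.tokens[arguments.token]) LT 0>
          <cfset ok = true>
        <cfelse>
          <cfset StructDelete(application.tokens, arguments.token)>
        </cfif>
      </cfif>
    </cflock>
    <cfif NOT ok><cfthrow type="Facade.NotAuthorised" message="Missing, unknown or expired token"></cfif>
  </cffunction>
  <!--- Constructed stand-ins for the real user store and the real, non-remote CFC method --->
  <cffunction name="checkCredentials" access="private" returntype="boolean" output="false">
    <cfargument name="username" type="string" required="true">
    <cfargument name="password" type="string" required="true">
    <cfreturn arguments.username EQ "demo" AND Compare(arguments.password, "constructed-demo-password") EQ 0>
  </cffunction>
  <cffunction name="buildReport" access="private" returntype="string" output="false"><cfreturn "report body"></cffunction>
</cfcomponent>
```

Only `login` and `getReport` are reachable from outside; the token check and the business method are `access="private"`. Because the token is a bearer credential, both calls should travel over HTTPS.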
