Besides the programmatic solution, you should consider your network layer.
For a given website, you can set your web server to only accept requests
from a given IP.

You can also have your network administration apply security at the firewall
and router level as well for pass throughs.

If you pass credentials into a CFC, you might as well think about database
security based upon user permissions, so that users do not have extended
privileges.

So in short, lock the IP before CF is called at the web server layer.  Send
credentials to the CFC at the middleware level and then apply security at
the database layer.

On 3/27/07, Chad Gray <[EMAIL PROTECTED]> wrote:

I found this method that appears to pass login and password.  I will have
to experiment with it.

http://livedocs.adobe.com/flex/201/langref/mx/rpc/remoting/RemoteObject.html#setRemoteCredentials()

  ------------------------------

*From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] *On Behalf Of *zhou
*Sent:* Tuesday, March 27, 2007 5:31 AM
*To:* [email protected]
*Subject:* RE: [CFCDEV] cfc protection

Hi Chad

Programmatically, I would suggest building a security check function in your
cfc which checks the caller's IP (in your case the caller is the Apollo app)
and the caller's username and password (to retrieve the caller's IP, you can
have a look at cgi.REMOTE_ADDR).

Then there are two ways you can use this method. You can either call this
security function inside the functions you want to secure, but that means
you have to pass in the username/password for every function you call.

Or make the security check function a web service as well
(access="remote"). After checking the caller's credentials, build a login
session just like a normal login process will do. Then you can check this
session variable in the functions you want to secure.

ColdFusion web services also support a role-based security check; you can
have a look at the Adobe live documentation for details. But I think it's
less secure than the above method.

Hope this will help

Zhou Yu
Senior Developer
Macromedia Certified Advance Coldfusion Developer
MSc Information System Development

01273 321 081
www.greenhouse-design.co.uk

Greenhouse Design Ltd
41-43 Portland Road
Hove, East Sussex
BN3 5DQ

You are subscribed to cfcdev. To unsubscribe, please follow the
instructions at http://www.cfczone.org/listserv.cfm

CFCDev is supported by:
Katapult Media, Inc.
We are cool code geeks looking for fun projects to rock!
www.katapultmedia.com

An archive of the CFCDev list is available at
www.mail-archive.com/[email protected]

--
Teddy R. Payne
Adobe Certified ColdFusion MX 7 Developer
Google Talk - [EMAIL PROTECTED]

Atlanta ColdFusion User Group - http://www.acfug.org
Atlanta Flash & Flex User Group - http://www.affug.org
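
The login-then-session approach described in the quoted message above, sketched as an added example; it is not code from anyone in this thread. It assumes session management is enabled in the application's Application.cfm/Application.cfc, and the allowed IP, username, salt, password and the function names login, requireLogin and getOrders are all constructed for illustration.

```cfml
<cfcomponent output="false" hint="Added example: remote login gate for a CFC">

    <!--- Constructed sample values (assumptions, not from the thread). --->
    <cfset variables.allowedIPs = "192.0.2.10">
    <cfset variables.expectedUser = "apolloClient">
    <cfset variables.salt = "constructed-sample-salt">
    <!--- Stand-in for a lookup against a real credential store;
          computed here only so the sample is self-contained. --->
    <cfset variables.expectedHash = hash(variables.salt & "constructed-sample-password", "SHA-256")>

    <cffunction name="login" access="remote" returntype="boolean" output="false">
        <cfargument name="username" type="string" required="true">
        <cfargument name="password" type="string" required="true">
        <cfset var ok = false>
        <!--- IP allowlist first, then a case-sensitive username match,
              then the salted hash of the supplied password. --->
        <cfif listFind(variables.allowedIPs, cgi.REMOTE_ADDR)
              and compare(arguments.username, variables.expectedUser) eq 0
              and hash(variables.salt & arguments.password, "SHA-256") eq variables.expectedHash>
            <cfset ok = true>
        </cfif>
        <!--- A failed attempt overwrites any earlier successful login. --->
        <cfset session.isLoggedIn = ok>
        <cfset session.loginIP = cgi.REMOTE_ADDR>
        <cfreturn ok>
    </cffunction>

    <cffunction name="requireLogin" access="private" returntype="void" output="false">
        <!--- Fail closed: a missing flag, a false flag, or a caller IP
              different from the one that logged in all throw. --->
        <cfif not structKeyExists(session, "isLoggedIn")
              or not session.isLoggedIn
              or session.loginIP neq cgi.REMOTE_ADDR>
            <cfthrow type="Security.NotAuthorized" message="Login required.">
        </cfif>
    </cffunction>

    <cffunction name="getOrders" access="remote" returntype="string" output="false">
        <!--- Every remote method that needs protection calls the gate first. --->
        <cfset requireLogin()>
        <cfreturn "protected data">
    </cffunction>

</cfcomponent>
```

Because requireLogin is access="private", it cannot be invoked remotely; only login and the methods that call the gate are exposed.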

