Wouldn't AJAX requests be coming from the user's web browser IP?

On Mon, Jul 21, 2008 at 10:52 AM, Mischa Uppelschoten ext 10 <[EMAIL PROTECTED]> wrote:
> That is a really good question and I'm curious about the input from the
> group. Maybe use permissions on a webserver/file level? All legit requests
> would be coming from localhost/127.0.0.1/server's IP address, right?
> /m
>
> : But, what's the best way to give access to my valid
> : CFM pages with Ajax and prevent access by bad guys?
> :
> : Thanks for any ideas!
> :
> : Clarke
> :
> : -------------------------------------------------------------
> : To unsubscribe from this list, manage your profile @
> : http://www.acfug.org?fa=login.edituserform
> :
> : For more info, see http://www.acfug.org/mailinglists
> : Archive @ http://www.mail-archive.com/discussion%40acfug.org/
> : List hosted by http://www.fusionlink.com
> : -------------------------------------------------------------
>
> Mischa Uppelschoten
> The Banker's Exchange, LLC.
> 4200 Highlands Parkway SE
> Suite A
> Smyrna, GA 30082-5198
>
> Phone: (404) 605-0100 ext. 10
> Fax: (404) 355-7930
> Web: www.BankersX.com
> Follow this link for Instant Web Chat:
> http://www.bankersx.com/Contact/chat.cfm?Queue=MUPPELSCHOTEN
>
> ---------- Original Message ----------
>
> FROM: "Clarke Bishop" <[EMAIL PROTECTED]>
> TO: <discussion@acfug.org>
> DATE: Mon, 21 Jul 2008 10:46:09 -0400
>
> SUBJECT: [ACFUG Discuss] Securing CFCs
>
> I have one remaining problem to solve in my adventure with CF/Ajax. The CFCs
> have to have access="remote".
>
> But, this means anyone can access the methods. What I built is a
> master/detail, CRUD thing for administering users. So, I obviously don't
> want some unauthorized person deleting my users or adding new ones.
>
> Normally, I've used access="public" before which wouldn't let an outside
> user get to the methods. But, what's the best way to give access to my valid
> CFM pages with Ajax and prevent access by bad guys?
>
> Thanks for any ideas!
>
> Clarke

--
Howard Fore, [EMAIL PROTECTED]
"The universe tends toward maximum irony. Don't push it." - Jeff Atwood
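
An added example, not part of the original thread: because the Ajax call is made by the user's browser, it arrives with that user's session cookie rather than from the server's address, so one way to protect an access="remote" method is to check the session inside the CFC itself. The component name, `session.isAdmin`, `application.dsn` and the `users` table are assumptions made for illustration.

```cfml
<!--- UserAdmin.cfc (hypothetical name): methods called from Ajax in the admin pages --->
<cfcomponent output="false">

    <!--- Shared guard, called first by every remote method.
          Assumes session management is enabled for the application and that
          the login page sets session.isAdmin = true (both are assumptions).
          cgi.remote_addr is not checked: for an Ajax call it is the
          browser's address, not localhost or the server's IP. --->
    <cffunction name="requireAdmin" access="private" returntype="void" output="false">
        <cfif NOT structKeyExists(session, "isAdmin") OR NOT session.isAdmin>
            <!--- Unauthenticated callers get an HTTP 403 and no data --->
            <cfheader statuscode="403" statustext="Forbidden">
            <cfabort>
        </cfif>
    </cffunction>

    <!--- Still access="remote" so the Ajax code can reach it,
          but it does nothing until the guard has passed. --->
    <cffunction name="deleteUser" access="remote" returntype="boolean"
                returnformat="json" output="false">
        <cfargument name="userID" type="numeric" required="true">

        <cfset requireAdmin()>

        <!--- application.dsn and the users table are hypothetical --->
        <cfquery datasource="#application.dsn#">
            DELETE FROM users
            WHERE userID = <cfqueryparam value="#arguments.userID#"
                                         cfsqltype="cf_sql_integer">
        </cfquery>

        <cfreturn true>
    </cffunction>

</cfcomponent>
```

A session check alone does not stop cross-site request forgery, so state-changing methods like this one also need a per-session token or an equivalent check.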