I've been tinkering with the services-config.xml file in the wwwroot/WEB-INF/flex/ directory, specifically the <method-access-level> switch. The thing is, it doesn't seem to do anything (yes, I did restart the CF server). Whether it is set to "public" or "remote", any Flex app can access both public and remote functions (while older Flash apps can access only remote functions). This is true even if the Flex app is loaded from the local hard drive.
What I'm trying to do is to prevent Flex apps from accessing public functions. It doesn't make sense to me that you can't create server-side only CFCs. ie. utility components meant only for other CFCs to use. These utility CFCs need to have their functions marked public, but as soon as you do that, any Flex app can then access them remotely? Am I missing something? On 12/14/06, phillips1021 <[EMAIL PROTECTED]> wrote:
Kevin Schmidt posted this in response to a blog entry on Ray Camden's blog: you only need to set access=remote if you are using flex with web services. If you are usimg AMF (Flash Remoting) you don't need to set access=remote. See: http://ray.camdenfamily.com/index.cfm/2006/11/24/Next-build-of-my-Flex-2ColdFusion-Security-Homework#more and check the comments It makes sense since both the Flex app and the CFC are on the same host, just like the CFM file and the CFC are on the same host.