subject:"\[flexcoders\] Flex2Gateway Security Question"

Re: [flexcoders] Flex2Gateway Security Question

2007-10-26 Thread João Fernandes

by default you can only invoke remote functions, not public ones. To 
allow public functions to be called from a flex front-end you need to 
change de configuration of the ColdFusion destination.
Check the remoting-config.xml if you have the method-access-level 
property set to remote. To allow both public and remote this value is 
set to 'public and remote'.
-- 

João Fernandes

http://www.onflexwithcf.org
http://www.riapt.org

[flexcoders] Flex2Gateway Security Question

2007-10-26 Thread geoffreymina

OK, I have come across something that I find VERY disturbing.  It 
appears that the Flex2Gateway can invoke any access=remote or 
access=public CFFunction.

I have developed a very large OO application for use with a Flex front 
end.  My gateway components are all declared with remote access 
functions but their roles are properly set to NOT allow unauthorized 
access.  The model objects all have their methods declared public with 
no roles defined... because, well, i assumed they couldn't be invoked 
directly from the web.

Does anyone know if it is possible to change the scope of what the 
Flex2Gateway will allow access to?  Perhaps I am off base here... maybe 
there is some higher level security which I am missing.

Thanks,
Geoff

Re: [flexcoders] Flex2Gateway Security Question

[flexcoders] Flex2Gateway Security Question

2 matches

Site Navigation

Mail list logo

Footer information