OK, I have come across something that I find VERY disturbing. It
appears that the Flex2Gateway can invoke any access=remote or
access=public CFFunction.
I have developed a very large OO application for use with a Flex front
end. My gateway components are all declared with remote access
functions but their roles are properly set to NOT allow unauthorized
access. The model objects all have their methods declared public with
no roles defined... because, well, i assumed they couldn't be invoked
directly from the web.
Does anyone know if it is possible to change the scope of what the
Flex2Gateway will allow access to? Perhaps I am off base here... maybe
there is some higher level security which I am missing.
Thanks,
Geoff