NetworkNewz About Us iEntry
Contact
June 21, 2010
Remotely Connecting To Coldfusion CFCs Through Flex
By Stefan Richter
Today I was working on a Flex application which uses a lot of Remoting calls to a bunch of ColdFusion CFC methods. I wondered what the most efficient way of securing these methods would be since they are effectively wide open to the world as they all (have to) specify access="remote". This means that anyone with a web browser can invoke the methods and they will even return nice error messages when certain parameters are missing.

One way of restricting access would be to run all Remoting calls through an intermediate page or CFC which handles authentication and access control and which in turn invokes the (now private) CFC methods. I found this a bit cumbersome and I also knew that there was a better way I remembered the setCredentials method back from the AS2 days. You can see this described in greater detail by Brandon Purcell in his MAX session Securing Applications from 2003(!), but unfortunately it is not directly usabel in today's Flex world.

Continue Reading
Today's Top Videos:
How Accurate Are Search Results?
It's interesting how much weight we put on search results. Search is not only the primary method that we use...
How Caffeine Is Already Changing...
When people talk about the future of search, they often include factors such as mobile, social, real-time, and other...
Openness and Privacy: Finding the...
Can a person be both open and maintain his privacy? It's an interesting scenario and one that many people find themselves...
Recent Articles:
Cirrus Clouds
Cloud computing has become the standard form of deploying large-scale web applications. Recently, I was asked about a servicing a start-up web service that projects itself having the type of user base and bandwidth that only a Cloud could properly serve. The issue...
Read More...
Got xsploitin' skillz? Heres how to get rich!
Software crackers who make money breaking other people's software don't usually get rich from their skills. With the release of iDefense Labs report on Emerging Economic Models for Vulnerability Research, this may be changing.
Read More...
Penetration testing with Metasploit
When recommending penetration testing for a corporate network the first question is usually, "Why would we need penetration testing?" The first answer is, if you don't they will. Everyday malicious and sometimes just overly curious people...
Read More...
Other iEntry Business Resources:
- WebProNews.com
- Jayde.com
- MarketingNewz.com
- SalesNewz.com
- CareerNewz.com
- InvestNewz.com
- eCommNewz.com
- WebsiteNotes.com
- AdvertisingDay.com
iEntry
-- NetworkNewz is an iEntry, Inc. publication --
iEntry, Inc. 2549 Richmond Rd. Lexington KY, 40509
2010 iEntry, Inc. All Rights Reserved Privacy Policy Legal