02-03-2003, 06:25 PM   #1
sTango
Flash Remoting Security.. with CFMX

I have some questions for anyone who has handled selective access to CFCs. And yes, I have read up on remoting, as well as "Securing Access to ColdFusion from Flash Remoting MX" from the Macromedia site.

This is the process as I understand it:

1. The Flash movie sends a userid and password to the remote host (in this case a ColdFusion server that holds my CFC as well as an application.cfm) as well as the call for whatever function it needs results from.

2. The application.cfm captures the userid and password and performs some authentication process (obviously designed by the developer). At that point, if the login to the db (where we store the userid and password) is successful, the cfloginuser tag executes and gives the user certain rights based upon their profile.

3. The CFC loads, and when the cffunction tag being called attempts to execute, it checks the rights of the user to see if they match the logged-in user's.

4. If the user has been authenticated, the function executes normally; if not, it sends an error to Flash, which can be viewed and which states "Current user was not authorized to invoke this method".

This is what I don't understand:

1. What exactly does ColdFusion see when it gets the header information from Flash (i.e., name and scope of passed params)? I have a feeling that I am not referring correctly to the object in my application.cfm code, which is why it does not authenticate the user.

My code is below.

My flash movie does the following:

gatewayConnnection = NetServices.createGatewayConnection();
gatewayConnnection.setCredentials("bob", "password");
TrackIT = gatewayConnnection.getService("devCenter.TrackIT", this);

My application.cfm does the following:

<cfif isDefined("cflogin")>
    <cfif cflogin.name eq "bob">
        <cfloginuser name="#cflogin.userid#" password="#cflogin.password#" roles="admin">
    </cfif>
</cfif>

My CFC does the following:

<cffunction name="getLoginList" access="remote" returnType="query" roles="admin">
    <cfquery name="get_Employees" datasource="TrackIT">
        Select Distinct(Request) from Tasks
    </cfquery>
    <cfreturn get_Employees>
</cffunction>
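An added example, not part of the original post: one way to write the application.cfm step of the flow described above so that credentials sent with setCredentials are checked server-side before cfloginuser runs. The app_users table, its columns (userid, pw_hash, pw_salt, roles) and the salted-hash scheme are assumptions made for illustration.

```cfml
<!--- application.cfm: added example. Table app_users and its columns are assumptions. --->
<cfapplication name="TrackIT" sessionmanagement="yes">

<!--- The body of cflogin runs only when no user is logged in for this request. --->
<cflogin>
    <!--- The cflogin struct exists only here, and only if credentials were sent
          (Flash setCredentials, HTTP Basic, or j_username/j_password form fields).
          Its keys are name and password; there is no cflogin.userid. --->
    <cfif isDefined("cflogin")>
        <cfquery name="qUser" datasource="TrackIT">
            SELECT pw_hash, pw_salt, roles
            FROM   app_users
            WHERE  userid = <cfqueryparam value="#cflogin.name#"
                                          cfsqltype="cf_sql_varchar" maxlength="50">
        </cfquery>

        <!--- Log in only on exactly one matching row with a matching salted hash.
              hash() with an algorithm argument needs ColdFusion MX 7 or later. --->
        <cfif qUser.recordCount eq 1
              and compareNoCase(qUser.pw_hash,
                                hash(qUser.pw_salt & cflogin.password, "SHA-256")) eq 0>
            <!--- Roles come from the database row, never from the client. --->
            <cfloginuser name="#cflogin.name#"
                         password="#cflogin.password#"
                         roles="#qUser.roles#">
        </cfif>
    </cfif>
    <!--- No cfloginuser call leaves the request unauthenticated, so a cffunction
          declared with roles="admin" refuses to run for it. --->
</cflogin>
```

Because the role list is read from the server-side record, a client that sends arbitrary credentials cannot grant itself the admin role required by the remote function.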