Difference between revisions of "Security"
From ADF Docs
(Created page with '== Overview == ADF security framework contains measures to restrict direct access and remote component access. Security Measures include: # As a rule of thumb none of the compon…') |
(→Overview) |
Line 1: | Line 1: | ||
== Overview == | == Overview == | ||
− | ADF security framework contains measures to restrict direct access and remote component access. | + | The ADF security framework contains measures to restrict direct access and remote component access. |
Security Measures include: | Security Measures include: | ||
− | # As a rule of thumb none of the component methods within the ADF library have functions with methods with "remote" access | + | # As a rule of thumb, none of the component methods within the ADF library have functions with methods with "remote" access |
− | # Direct access to the ADF files are restricted to only valid logged in CommonSpot users. This is controlled through the ADF root Application.cfc. In the ''onRequestStart'' function, logic is run to verify | + | # Direct access to the ADF files are restricted to only valid, logged in CommonSpot users. This is controlled through the ADF root Application.cfc. In the ''onRequestStart'' function, logic is run to verify the user accessing the file directly is a logged in CommonSpot user. |
# Remote access to component methods are requested through an [[Ajax Proxy| Ajax Proxy]] that essentially allows access to methods in the ADF via a [[ Proxy White List | Proxy White List]]. | # Remote access to component methods are requested through an [[Ajax Proxy| Ajax Proxy]] that essentially allows access to methods in the ADF via a [[ Proxy White List | Proxy White List]]. | ||
+ | |||
+ | [[Category: Security]] |
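Review bot: The reworded first list item still reads "have functions with methods with "remote" access", which stacks "methods", "functions" and "methods" in one clause; state once that no ADF component method is declared with "remote" access. In the second item, "Direct access to the ADF files are restricted" should be "is restricted" and "logged in" should be hyphenated as "logged-in" where it modifies "CommonSpot users". The unchanged third item has the same agreement slip in "Remote access to component methods are requested".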
Revision as of 23:12, 19 December 2009
Overview
The ADF security framework contains measures to restrict direct access and remote component access.
Security Measures include:
- As a rule of thumb, none of the component methods within the ADF library are declared with "remote" access.
- Direct access to the ADF files is restricted to valid, logged-in CommonSpot users. This is controlled through the ADF root Application.cfc: in the onRequestStart function, logic is run to verify that the user accessing the file directly is a logged-in CommonSpot user.
- Remote access to component methods is requested through an Ajax Proxy that essentially allows access to methods in the ADF via a Proxy White List.
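
The proxy-plus-white-list pattern in the last item, as an added CFML example; this is not ADF code. The component name, bean and method names, the `beans.` path and the `session.isLoggedIn` flag are all hypothetical, and `invoke()` assumes ColdFusion 10+ or Lucee.

```cfml
// AjaxProxySketch.cfc: the single component that exposes a remote method.
// Every name here is hypothetical; the real ADF proxy and white list differ.
component {

    // White list: bean name -> methods reachable through the proxy.
    // Anything not listed is denied.
    variables.proxyWhiteList = {
        "forms"  = [ "renderAddEditForm" ],
        "lookup" = [ "getStates", "getCountries" ]
    };

    remote any function call(required string bean, required string method,
                             string argsJson = "{}") returnformat="json"
    {
        // Assumed stand-in for the CMS logged-in check.
        if (!structKeyExists(session, "isLoggedIn") || !session.isLoggedIn) {
            throw(type="Proxy.NotAuthenticated", message="Login required.");
        }

        // Check the pair before the bean name is used to build a component
        // path, so caller input never reaches createObject() unvalidated.
        if (!isAllowed(arguments.bean, arguments.method)) {
            // Record refusals so probing of the proxy shows up in the logs.
            writeLog(file="ajaxproxy", type="warning",
                     text="Denied proxy call from #cgi.remote_addr#");
            throw(type="Proxy.Denied", message="Method is not available.");
        }

        // Arguments arrive as a JSON string and must decode to a struct.
        var args = deserializeJSON(arguments.argsJson);
        if (!isStruct(args)) {
            throw(type="Proxy.BadRequest", message="Arguments must be an object.");
        }

        // The target method itself is not declared remote; only this
        // proxy is callable over HTTP.
        var target = createObject("component", "beans." & arguments.bean);
        return invoke(target, arguments.method, args);
    }

    private boolean function isAllowed(required string bean, required string method) {
        return structKeyExists(variables.proxyWhiteList, arguments.bean)
            && arrayFindNoCase(variables.proxyWhiteList[arguments.bean], arguments.method) > 0;
    }
}
```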