Ask a Jedi: Question about CFC Security

This post is more than 2 years old.

Timothy asks:

Are there security advantages to having cfc's located outside of the webroot in the gateway/cfc folder accessed through a mapping compared to having the cfc's reside inside the specific project in the webroot?

In general the only thing you have to worry about are people invoking your CFCs remotely. CFC methods, if you do not specify an access setting, will default to public, which means they can't access them remotely. So in order for your CFC to be insecure, you would have to go out of your way to set the method to remote.

Now with that being said - I view CFCs as resources like includes and custom tags, and therefore they have no place under web root anyway. Moving them out is better (imho) for organization. You can still provide a remote facade using proxy CFCs as services.

Raymond Camden's Picture

About Raymond Camden

Raymond is a developer advocate for HERE Technologies. He focuses on JavaScript, serverless and enterprise cat demos. If you like this article, please consider visiting my Amazon Wishlist or donating via PayPal to show your support. You can even buy me a coffee!

Lafayette, LA