Conduit


Security with Conduit

Since Conduit Invokers can be written to access almost any aspect of a ColdFusion application, security must be considered when writing custom code for Conduit.

For example, the current core Invoker does not require a method's access to be 'remote' on a CFC (this will be fixed, and made configurable, in the final release), which highlights the fact that you need to be careful about what is exposed and how.

The upside is that, since you have greater control over the AS3<=>CF communication process, you could (for example) expose all the Beans in your ColdSpring configuration to Flex while integrating your application-specific security into the invoker yourself. You end up with tighter security, in that no one can call the Conduit-based Destination without the right credentials, and your application gains flexibility, in that it can reach almost all of your application model easily.
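One way such a guard could look, as an added example that is not Conduit's own code: a helper component a custom Invoker could call before dispatching, which refuses methods not declared `access="remote"` and callers without a required role. The component, its function names, the `callerRoles` list and the `Example.AccessDenied` error type are hypothetical and do not come from Conduit's API.

```cfml
// Added example, not part of Conduit. All names here are hypothetical.
component {

    // True only if the method is declared access="remote" on the CFC
    // or on one of the components it extends.
    public boolean function isRemoteMethod(required any target, required string methodName) {
        var meta = getMetadata(arguments.target);
        while (isStruct(meta)) {
            if (structKeyExists(meta, "functions")) {
                for (var fn in meta.functions) {
                    if (compareNoCase(fn.name, arguments.methodName) == 0) {
                        // A function with no access attribute is not remote.
                        return structKeyExists(fn, "access")
                            && compareNoCase(fn.access, "remote") == 0;
                    }
                }
            }
            // Walk up the inheritance chain; stop at the base component.
            if (!structKeyExists(meta, "extends")) {
                break;
            }
            meta = meta.extends;
        }
        return false; // unknown methods are denied, not allowed
    }

    // Deny by default: both checks must pass before the call is made.
    // callerRoles is assumed to be a comma-separated list that the
    // application's own login code has already established.
    public any function dispatch(
        required any target,
        required string methodName,
        required string callerRoles,
        required string requiredRole,
        struct args = {}
    ) {
        if (!isRemoteMethod(arguments.target, arguments.methodName)) {
            throw(type="Example.AccessDenied", message="Method is not exposed remotely.");
        }
        if (!listFindNoCase(arguments.callerRoles, arguments.requiredRole)) {
            throw(type="Example.AccessDenied", message="Caller lacks the required role.");
        }
        return invoke(arguments.target, arguments.methodName, arguments.args);
    }
}
```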

These are just some ideas, but they should (hopefully) give you a starting point for thinking about security with Conduit.