You are here

Adobe fixes ColdFusion CFC remoting security bug

If you have ColdFusion 8, with CFCs exposed for remote access, with methods marked 'access="remote"' you probably did not know that this also meant any methods marked 'access="public"' could also be invoked remotely.

The obvious security problems now have a fix in the form of hot fix 71471 and it's associated KB article #40332.

You should apply this as soon as you can if your ColdFusion objects are being used by a Flex client, for instance.

Sections: 
topical-homopterousif you are reading this, don't click it as it will mark you as a spammer
if you are reading this, don't click it as it will mark you as a spammer