tags:

views:

96

answers:

1
+3  Q: 

What makes verifyClient in cffunction secure?

What does verifyClient in <cffunction> actually do that makes it secure? secure from what?

Doc said:

A Boolean value that specifies whether to require remote function calls to include an encrypted security token. For use with ColdFusion AJAX applications only.

encrypted security token? who generates that? Client-side by JS? Injected to JS on page request by CF? What if another person uses the same security token?

+2  A: 

By looking at the generated source, the _cf_clientid is a string of hexadecimal generated by ColdFusion and injected to the client's JavaScript.

Seems like that ID will be compared with the CFID and CFTOKEN if session management is enabled.

I opened another browser and go to the same URL (GET), and the server replies a HTTP 500 internal server error.

Henry  2009-08-05 02:25:52
Is this only usable if you are using cfajaxproxy? I would like to implement this in my ExtJS application, but I don't think it will work.
Jason  2009-08-05 16:53:19
Yes, cfajaxproxy or cf8 ajax components like CFGrid or CFinput bind to a CFC
Henry  2009-08-05 18:09:45
Okay, I guess I'll have to figure something else out then!
Jason  2009-08-05 19:23:45

related questions

How do HttpOnly cookies work with AJAX requests?
ASP.NET JavaScript Callbacks Without Full PostBacks?
How to set encoding in .getJSON JQuery
Suggestions on Ajax development environment for PHP
Need to test an ajax timeout condition
XmlHttpRequest return values
Adobe AIR: Handling JSON objects from server
Best framework for implementing iGoogle or pageflakes (ASP.NET)
Is there some way to PUSH data from web server to browser?
Are there reasons not to use JSONP for AJA~X requests?
Minimize javascript HTTP calls from AjaxControlToolkit controls?
Only accepting certain ajax requests from authenticated users
ASP.net AJAX Drag/Drop?
Scrolling Overflowed DIVs with JavaScript
Speeding up an ASP.Net Web Site or Application
ICE Faces fileInput file path and file name properties
Ajax project suggestion.
Graphing JavaScript Library
Debugging: IE6 + SSL + AJAX + post form = 404 error
Best ajax library for Sharepoint
Can ASP.NET AJAX partial rendering work inside a SharePoint 2007 application page?
What is Progressive Enhancement?
Tracking state using ASP.NET AJAX / ICallbackEventHandler
Easy way to AJAX WebControls
Modify Address Bar URL in AJAX App to Match Current State