One of the great features of CFCs is the ability to reuse the code for both a straight .cfm page and for Flex apps.
One such app that I devleoped uses Flex for it's charting capabilities and needs access to a 'getResults()' function in the cfc.
All of this content is behind an authentication mechanism, but since the cfc will open itself up to a wsdl request:
https://myserver.com/c/functions.cfc?wsdl
and will actually return the results to the browser if the URL query is crafted properly:
https://myserver.com/c/functions.cfc?method=getResults&Term=2009&Course=Anatomy
What techniques have people used to protect the cfc from direct access UNLESS the request is coming directly from the CFML processor OR from Flex Remoting?