Skip to main content
This topic has been closed for replies.

2 replies

H
henrylearn2rock
Known Participant
July 9, 2013

Examples should be updated. Every cffunctions in mycfc.cfc should have access="remote".

H
henrylearn2rock
Known Participant
July 3, 2013

CF10 websocket p2p can invoke any public functions in any CFC from JavaScript. How is this Not a security risk?

http://stackoverflow.com/questions/17351214/cf10-websocket-p2p-can-invoke-any-public-functions-in-any-cfc-from-javascript-h

Anit_Kumar
Anit_Kumar
Inspiring
July 3, 2013

Hello henrylearn2rock,

We are aware about the vulnerability using the websockets and the Adobe's Security team is working towards the fix. Here is the link to the blog post.

http://blogs.coldfusion.com/post.cfm/coldfusion-10-websocket-vulnerebility

Regards,

Anit Kumar

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices