1

I'm curious... I love the asynchronous calls with jQuery, but I don't want my components available to the public by view source...

What is the recommended solution for this?

dcolumbus
  • 9,596
  • 26
  • 100
  • 165
  • not possible. Javascript is accessible by view source by nature. You can use session to access-control your API calls though. – Henry May 15 '11 at 08:31
  • You may set verifyClient=true if you want your CFC to be accessible only by your CFAJAX Components. – Henry May 15 '11 at 17:11
  • Just to be clear: Are you talking about the URLs to your components? That you can't hide without using a facade/proxy component. Unless there's something else wrong with your configuration no one will be able to view the source of your components. – bpanulla May 15 '11 at 18:24

2 Answers2

4

You could make a facade accessible in the webroot that simply passes all inputs to a CFC outside the webroot and returns the results.

That way all that's visible via a direct call to the cfc in the webroot are function and variable names, and all the business logic is out of sight.

Antony
  • 3,781
  • 1
  • 25
  • 32
  • 1
    Another nice thing about this approach is that only the facade CFC needs to have "remote" methods. All of your real implementation CFCs can declare their methods as "public" access, since they're being called from the facade CFC. – bpanulla May 15 '11 at 18:28
  • I think this makes most sense... components that call components. – dcolumbus May 15 '11 at 21:24
0

You could use a route URI-based framework like Taffy[1]. Taffy uses a RESTful architecture to let you define the URIs used to call your components. The client never sees your actual CFC folder structure or filenames.

[1] http://atuttle.github.com/Taffy/

bpanulla
  • 2,988
  • 1
  • 19
  • 23