BlazeDS

• Methods must be defined in remoting-config to be called.
• Only public methods can be called.
• Secure methods by using security-constraints in remoting-config.xml. Add include-methods and exclude-methods tags for all public methods. Add security-constraints to each method.
• Read the Adobe BlazeDS security docs here.

AMFPHP

• Remove the Service Browser and DiscoveryService service.
• Methods that start with an underscore are considered private and cannot be remotely called.
• Disable remote tracing and debugging headers by setting the PRODUCTION_SERVER property in gateway.php.
• Use the beforeFilter class to implement authorization controls. More info here.

PYAMF

• Enable authentication on the server, more info here.