A remote method enumeration tool for flex servers


  • Methods must be defined in remoting-config to be called.
  • Only public methods can be called.
  • Secure methods by using security-constraints in remoting-config.xml. Add include-methods and exclude-methods tags for all public methods. Add security-constraints to each method.
  • Read the Adobe BlazeDS security docs here.


  • Remove the Service Browser and DiscoveryService service.
  • Methods that start with an underscore are considered private and cannot be remotely called.
  • Disable remote tracing and debugging headers by setting the PRODUCTION_SERVER property in gateway.php.
  • Use the beforeFilter class to implement authorization controls. More info here.


  • Enable authentication on the server, more info here.