Hello -Since you're using CFCs on the backend (server side) you can secure the app there. Maybe you've already solved this but incase you didn't implement anything yet you can take a look at this link. You should get familiar with cflogin, cfloginuser, cflogout, GetAuthUser, IsUserInRole, Securing...