I don't know how JPA works exactly, but I suppouse at some point in your app you need to get the object from the database through JPA and upda
2011/11/12 Marco Schwarz <marco.schw...@cioppino.net> > You are right, but the user must see the fields and I need the object > with all properties for call (JPA) persist method. what's the best > practice for this use case > > I have one object and many roles .... any role can change a different > field ... Do I create a class for any roles? > > Idea? > > Thanks > Marco > > > On Sat, Nov 12, 2011 at 7:31 PM, <jlm...@gmail.com> wrote: > > The use of hidden fields to avoid the user changing those fields is a > security risk. You are still getting all the fields from the client's side, > so the user or somebody else (through a man-in-the-middle atytack) are > still able to change the value of those fields. >
