How about creating a hash/digest when you send the page down with your read-only fields and save it to session/hidden (you know the +/-), then compare it on the re-submit to see if any of the values have changed. If so, throw SecurityException or something similar?
Would that work for you...djsuarez -----Original Message----- From: Lee Harrington [mailto:[EMAIL PROTECTED] Sent: Friday, October 15, 2004 8:52 AM To: Struts Users Mailing List Subject: Re: Exposing ActionForm and MVC fields > In this case, i`m still suceptible to be > hacked by javascript, because of the ActionForm fields > exposure. > What about that??? Different actions. I'd reccomend a dispatch action class...with different methods depending on whether the buyer or seller submitted. That way, in the seller method, even if they did hack the submit form you action would not be doing anything with those fields. Lee --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
