It's seems allright.
--- David Suarez <[EMAIL PROTECTED]> escreveu: > How about creating a hash/digest when you send the > page down with your > read-only fields and save it to session/hidden (you > know the +/-), then > compare it on the re-submit to see if any of the > values have changed. > If so, throw SecurityException or something similar? > > Would that work for you...djsuarez > > -----Original Message----- > From: Lee Harrington [mailto:[EMAIL PROTECTED] > Sent: Friday, October 15, 2004 8:52 AM > To: Struts Users Mailing List > Subject: Re: Exposing ActionForm and MVC fields > > > In this case, i`m still suceptible to be > > hacked by javascript, because of the ActionForm > fields > > exposure. > > What about that??? > > Different actions. I'd reccomend a dispatch action > class...with > different methods depending on whether the buyer or > seller submitted. > That way, in the seller method, even if they did > hack the submit form > you action would not be doing anything with those > fields. > > Lee > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: > [EMAIL PROTECTED] > For additional commands, e-mail: > [EMAIL PROTECTED] > > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
