Rick,

I think my concern is valid. I am sorry you don't find this a "big deal" but I wonder how many sites actually use validation to make sure they defend against bad input, only to find out I can pass in a request parameter to simply skip their checking. I mean, that's a pretty big deal in my eyes.

I rarely use normal Action. 99% of my actions are MappingDispatchAction and I have the same problem. I have many actions used as GET requests which retrieve data from the database, and I validate to make sure I only accept ranges of values. Well, now that I learned it's a no-brainer to hack my validation, I am pretty irate -- who would have thought that server-side validation could be so easy to defeat?

I don't even need the "cancelled" feature in most of my actions, but because Struts thinks it's OK to skip validation whenever this parameter appears in my request, I am upset and I believe rightfully so.

It's a hack to code isCancelled() in most of my cases because it's semantically nonsensical; there's nothing to cancel. And using a form which isn't validated is even more nonsensical because what good is data that can be ensured to be good?

Paul
