Paul Benedict wrote:
I don't do any business validation with the Validator; I just make sure I get proper data formats so that everything is in proper format when going into the service layers. I want XYZ to be integers and ABC to be strings.
Then where is the big 'security' risk? Worst case scenario in a 'bad format' regard is the user will probably get some nasty error page back when the user tried to execute the action through a URL since the data wouldn't be in the correct format. Why do you care if this user that is mangling the url gets an error page? He/she was doing a no-no in the first place so they deserve the error page.
-- Rick --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
