If I understand the question, it's not specifc to Spring. It wouldn't matter how the domain objects are being crated, only what can be done with them once they exist.
If there are "problematic" properties on the domain objects, then sure. But many domain objects are simply value or data transfer objects that just carry state, and changing a value that is outside of the transaction can do no harm. There is not a stock answer here. It's going to depend on the actual objects being used. One type of validation that is missing from our arsenal is "expected" values. Right now, we can declare which values are required, but not which values are simply expected. If a domain object is being used as the model, and there are problematic properties on the domain object, then it would be helpful if we could list which properties should be populated by an action, ignoring any others. We actually do this with our .NET framework at work. Since we use fat data transfer objects, it's helpful to have a list of which values an action uses. Of course, a very common error is to leave a value off the list and then wonder why it's not being populated :) -Ted. On 12/18/06, Dave Newton <[EMAIL PROTECTED]> wrote:
Hi, I am currently using the Spring autowiring functionality. Is this a bad idea due to someone being able to craft a request that might walk on one of the injected objects? (Unlikely perhaps, but...) Thanks, Dave
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]