In the Struts2 tutorial page: http://appfuse.org/display/APF/Using+Struts+2 It shows how to use Struts2 to write CRUD for the entity "Person".
Because it use the id (the PK of Person) that is shown on the web page to identity which record of person to use, it apparently causes a serious security issue. I made a few changes to remove the id from the jsp pages and instead store it in the HttpSession. What I changes include: - PersonAction/Test, - web-tests.xml, - personList.jsp, etc. If, in the future, you would like to update the tutorial as not showing id on the web, please let me know and it will be my pleasure to upload my code for your references. -- View this message in context: http://www.nabble.com/hide-id-of-person-from-the-web-pages-tf3376792s2369.html#a9398113 Sent from the AppFuse - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
