Hello,
If I use <param> with <commandLink> to pass state-information between client and server, backing bean can be requrest scope instead of session scope. will this possibly open up a security hole because client can change these state information and then post back malicious action?
Can <x:saveState> save any information about a backing bean(request scope) on server side? when a new backing bean is created, will it get the data saved with <x:saveState>? Thanks. Dave
Click here to donate to the Hurricane Katrina relief effort.
