Hi Simon,

Overall, I was thinking about what you said and I am coming to the
conclusion that the way JSF currently handles this situation might be
indeed just fine. But I am still a little bit in doubt.

You have given the user a list of valid options. However you have
no control over what gets submitted; a user can potentially fake the
POST response to contain whatever they want.

If the selectOneMenu had cached the SelectItems it created during the
Render Response phase, and reused these values, instead of executing
the binding once again and querying the database, we could still
assure that the value the user has selected is something that has been
present in the menu, and thus, not fake.

Also, if I had retrieved the data from database, created the
selectOneMenu programmatically, and bound it to the corresponding tag
in the page, JSF could not anymore validate the data against the
database. If I could somehow accomplish this without component
binding... :-)

Kindest regards,
Behi

--
"Science is a differential equation. Religion is a boundary condition"
- Alan Turing

Behrang Saeedzadeh
http://www.jroller.com/page/behrangsa
http://my.opera.com/behrangsa
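
The two postback checks compared in this message, as an added example that is not part of the original email and is not JSF's own code: a plain-Java simulation showing where validating against a render-time snapshot and validating against a fresh query disagree when the table changes between render and postback. All class, method and option names are hypothetical and the data is constructed.

```java
import java.util.*;

// Added illustration: plain Java, no JSF classes. All names are hypothetical.
public class SelectValidationDemo {

    // Stand-in for the database table backing the menu (constructed data).
    static final Set<String> db = new LinkedHashSet<>(List.of("red", "green", "blue"));

    // Stand-in for per-view state saved on the server at render time.
    static Set<String> renderedSnapshot;

    // Render phase: query the options and remember exactly what was sent to the browser.
    static Set<String> render() {
        renderedSnapshot = Collections.unmodifiableSet(new LinkedHashSet<>(db));
        return renderedSnapshot;
    }

    // Postback check A: execute the binding again, i.e. query the database a second time.
    static boolean validAgainstRequery(String submitted) {
        return db.contains(submitted);
    }

    // Postback check B: compare with the options cached at render time.
    static boolean validAgainstSnapshot(String submitted) {
        return renderedSnapshot != null && renderedSnapshot.contains(submitted);
    }

    public static void main(String[] args) {
        render();

        // Between render and postback, another session changes the table.
        db.remove("blue");
        db.add("black");

        // "green": offered and still present. "blue": offered, since deleted.
        // "black": never offered, added later. "admin-only": forged, never existed.
        for (String submitted : List.of("green", "blue", "black", "admin-only")) {
            System.out.printf("%-10s requery=%-5b snapshot=%b%n",
                    submitted, validAgainstRequery(submitted), validAgainstSnapshot(submitted));
        }
    }
}
```

Both checks reject the forged value; they differ only for rows that changed in between: the snapshot accepts a value that no longer exists in the table, and the re-query accepts a value that was never shown to this user.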
