I'm assuming you know that the user doesn't have access to update the
info since you know when to disable the items.
You could bind to non-EO variables and only update the EO with the
ones the user has access to.
Never trust the browser for security (as you discovered). Disabling
the elements is good feedback for the user, though.
Sent from my iPhone
On Jun 12, 2008, at 4:13 PM, Dan Grec <[EMAIL PROTECTED]> wrote:
All,
We're currently using the "disabled" binding (and thus HTML) to stop
text entry into fields when a user doesn't have access.
(i.e. WOTextField, WOCheckbox, etc)
This presents a problem, as users can use an inline proxy or firebug
to submit the data anyway, which gets saved.
Our customers are complaining this is a security risk, so we have to
do something.
We're trying to come up with a way to handle the disabling on the
server side, rather than letter the browser deal with it.
We thought about conditionally rending them as a text equivelant (ie
WOString instead of WOTextField) but this will be pretty annoying
for WOCheckbox & WORadioButton.
Does anyone have any suggestions?
Thanks,
-Dan
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list ([email protected])
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/webobjects-dev/jgilmorebaldwin%40mac.com
This email sent to [EMAIL PROTECTED]
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list ([email protected])
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com
This email sent to [EMAIL PROTECTED]
