As Thiago has already pointed out, non sensitive database ID's passed
through the URL should not be an issue providing you check permissions. I
do this kind of thing all the time where I have a method that handles
permission checking. If your doing the check in onActivate you have the
option to red
On Fri, 24 Oct 2014 08:13:14 -0200, Semen Vishniakov
wrote:
Hi all,
Hi!
I really like the concept to store values in the url instead of
storing in the session. But in most cases these are IDs of the
entities that can be manipulated by users in the url.
Is it a good idea to try to encode p
Hi all,
I really like the concept to store values in the url instead of
storing in the session. But in most cases these are IDs of the
entities that can be manipulated by users in the url.
Is it a good idea to try to encode parameters before storing in the
url and to decode before onActivate and i
