You could always store it in the session and read it from there. > -----Original Message----- > From: Marco Schwarz [mailto:marco.schw...@cioppino.net] > Sent: Saturday, November 12, 2011 1:57 PM > To: Struts Users Mailing List; jlm...@gmail.com > Subject: Re: <s:textfield /> Beginner question > > You are right, but the user must see the fields and I need the object > with all properties for call (JPA) persist method. what's the best > practice for this use case > > I have one object and many roles .... any role can change a different > field ... Do I create a class for any roles? > > Idea? > > Thanks > Marco > > > On Sat, Nov 12, 2011 at 7:31 PM, <jlm...@gmail.com> wrote: > > The use of hidden fields to avoid the user changing those fields is a > security risk. You are still getting all the fields from the client's > side, so the user or somebody else (through a man-in-the-middle > atytack) are still able to change the value of those fields. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org
--------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
