Hi,
I believe you shouldn't abuse either the MVC pattern or the Struts framework. All the issues regarding the buyer's actions as well as the seller's are part of a specific area: workflow management.

Implement a basic WF Management subsystem (or integrate one into your application), define the roles (buyer / seller / whatever...), the actions (along with the corresponding pre- and post-), the nodes, etc... and yes, have your presentation layer (Struts) integrate with it.

I know it's not simple or cheap... yet, I'm almost convinced that, at the end, it would've been a good investment for you and your project. Save yourself from trying to convert Struts into an all-mighty-god-who-knows-and-solves-everything tool.

For me, that's the bottom line for all these issues. Again, just my opinion.

HTH.

Cheers,
Freddy.

-----Original Message-----
From: David Suarez [mailto:[EMAIL PROTECTED]
Sent: Friday, October 15, 2004 17:06
To: [EMAIL PROTECTED]; Struts Users Mailing List
Subject: RE: Exposing ActionForm and MVC fields

How about creating a hash/digest when you send the page down with your read-only fields and save it to session/hidden (you know the +/-), then compare it on the re-submit to see if any of the values have changed. If so, throw SecurityException or something similar?

Would that work for you...

djsuarez

-----Original Message-----
From: Lee Harrington [mailto:[EMAIL PROTECTED]
Sent: Friday, October 15, 2004 8:52 AM
To: Struts Users Mailing List
Subject: Re: Exposing ActionForm and MVC fields

> In this case, I'm still susceptible to be
> hacked by javascript, because of the ActionForm fields
> exposure.
> What about that???

Different actions. I'd recommend a dispatch action class...with different methods depending on whether the buyer or seller submitted.

That way, in the seller method, even if they did hack the submit form your action would not be doing anything with those fields.

Lee

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
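
The digest check suggested in David Suarez's message above, as an added example that is not part of the original thread or of Struts itself. It assumes a keyed HMAC instead of a plain hash, so the value can sit in a hidden field without the client being able to recompute it; the class name, field names and secret are hypothetical.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Map;
import java.util.TreeMap;

// Hypothetical helper (not a Struts API): seals the read-only fields of a form.
public class ReadOnlyFieldSeal {
    private final SecretKeySpec key;

    public ReadOnlyFieldSeal(byte[] secret) { this.key = new SecretKeySpec(secret, "HmacSHA256"); }

    // Called when the page is rendered: the result goes into the session or a hidden field.
    public String seal(String sessionId, Map<String, String> readOnly) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(key);
        update(mac, sessionId); // binds the seal to one session so it cannot be replayed elsewhere
        // Sorted iteration plus length prefixes gives exactly one encoding per field set.
        for (Map.Entry<String, String> e : new TreeMap<>(readOnly).entrySet()) {
            update(mac, e.getKey());
            update(mac, e.getValue());
        }
        return Base64.getEncoder().encodeToString(mac.doFinal());
    }

    private static void update(Mac mac, String s) {
        byte[] b = s.getBytes(StandardCharsets.UTF_8);
        mac.update((b.length + ":").getBytes(StandardCharsets.UTF_8));
        mac.update(b);
    }

    // Called on re-submit with the same field names that were sealed, taken from the request.
    public void verify(String sessionId, Map<String, String> submitted, String seal) throws Exception {
        byte[] expected = seal(sessionId, submitted).getBytes(StandardCharsets.UTF_8);
        byte[] actual = (seal == null ? "" : seal).getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(expected, actual)) { // constant-time comparison
            throw new SecurityException("read-only form fields were modified");
        }
    }

    public static void main(String[] args) throws Exception {
        ReadOnlyFieldSeal s = new ReadOnlyFieldSeal("constructed-demo-secret".getBytes(StandardCharsets.UTF_8));
        Map<String, String> sent = new TreeMap<>(Map.of("price", "100.00", "sellerId", "42")); // constructed sample
        String tag = s.seal("sess-1", sent);
        s.verify("sess-1", sent, tag); // unchanged values: passes silently
        sent.put("price", "1.00");     // simulated client-side edit of a read-only field
        try { s.verify("sess-1", sent, tag); }
        catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

In an Action, `verify` would run before any read-only value from the form is used, with the submitted map restricted to the field names that were sealed.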