Hello All,

In my application, I have a scenario in which a user is allowed to update the 
information pertaining to his/her account.  The pages are localised and, on 
the basis of this localisation, some fields are updateable in one scenario, 
while others are not.

The problem is that a "smart enough user" can still figure out the names (from 
viewing the source of the page where he/she adds the information for the first 
time) and re-write the request parameters by hand, as a result changing the 
values of the fields which are not supposed to be updated, e.g. a user can 
type in the URL http://ourweb.com/someAction.do?fieldX=xyz.  In this scenario, 
fieldX is updated in the session and gets posted to the database.

It may be worthwhile to mention that the objects that hold and carry the 
data are the same for the different locales (only the localised JSP pages 
allow updating of different fields).  Hence the business logic layer and the 
database layer simply pass the object on for persistence etc.

Any idea on the best way to tackle this problem?

Regards,
Muhammad Momin Rashid. 
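One server-side way to handle the problem described above, as an added example that is not part of the original message or the poster's application: keep the allow-list of updatable fields for each localised page on the server and copy only those request parameters into the shared object, so a hand-written parameter such as fieldX is ignored and surfaces in a rejected set that can be logged. The class name AccountUpdatePolicy, the "en"/"de" scenario keys and the field names are assumptions made for the example.

```java
import java.util.*;

// Added example, not code from the original post. AccountUpdatePolicy, the
// "en"/"de" scenario keys and the field names are hypothetical and constructed
// to illustrate a server-side allow-list of updatable fields per localised page.
public class AccountUpdatePolicy {

    // Per-scenario allow-list, kept on the server and never derived from the request.
    private static final Map<String, Set<String>> ALLOWED = new HashMap<>();
    static {
        ALLOWED.put("en", new HashSet<>(Arrays.asList("displayName", "phone")));
        ALLOWED.put("de", new HashSet<>(Arrays.asList("displayName", "taxId")));
    }

    // params mirrors ServletRequest.getParameterMap() (name -> values); account
    // stands in for the shared session/form bean. Only names allowed for the
    // current scenario are copied; every other parameter is returned so the
    // caller can log it, because an unexpected name is a sign of tampering.
    public static Set<String> applyUpdate(String scenario, Map<String, String[]> params,
                                          Map<String, String> account) {
        Set<String> allowed = ALLOWED.getOrDefault(scenario, Collections.emptySet());
        Set<String> rejected = new TreeSet<>();
        for (Map.Entry<String, String[]> e : params.entrySet()) {
            String name = e.getKey();
            String[] values = e.getValue();
            if (allowed.contains(name) && values != null && values.length == 1) {
                account.put(name, values[0]);
            } else {
                rejected.add(name);   // e.g. fieldX=xyz typed into the URL by hand
            }
        }
        return rejected;
    }

    public static void main(String[] args) {
        Map<String, String> account = new HashMap<>();
        account.put("taxId", "ORIGINAL");
        Map<String, String[]> params = new HashMap<>();   // constructed sample request
        params.put("displayName", new String[] {"M. Rashid"});
        params.put("taxId", new String[] {"TAMPERED"});   // not editable on the "en" page
        Set<String> rejected = applyUpdate("en", params, account);
        // taxId keeps its original value and shows up in the rejected set
        System.out.println("rejected=" + rejected + " taxId=" + account.get("taxId"));
    }
}
```

Because the allow-list lives on the server and is selected by the scenario the server already knows, it does not matter which field names the user discovers in the page source; the same filter can be applied in the Action before the form data is copied into the session object.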