security question

mrohad Sep 12, 2006 8:38 AM

i've a page for user profile editing

my User has a currentMoneyAmount property.
in my JSF I show User.currentMoneyAmount as output text

this is a edit screen , I am outjecting the properties to some SB and do em.merge(editedUser)

can hacker or anyone else who knows seam make my page outject other properties as well like currentMoneyAmount?

1. Re: security question

mrohad Sep 13, 2006 7:19 AM (in response to mrohad)

no one knows?

if I've <h:outputtext value="#{User.currentAmount}" />
can someone mess my html and outject this value to the server?
Actions
2. Re: security question

gavin.king Sep 13, 2006 1:11 PM (in response to mrohad)

no

Do a "View > Page Source" in your web browser.
Actions

Go to original post