2 Replies Latest reply on Feb 4, 2008 6:13 PM by Pete Muir

    Issue on page param security

    Gus Gu Expert

      Hi,

      After practicing with page params, I found that the page param is very nice, especially its bidirectionality. However, I also found a problem with its security when I used it. For example, I list all my friends, then I click on one of them and get the page param friendId=?, e.g. friendId=3. On the URL localhost/friendView.xhtml?friendId=3, if I manually change it to friendId=5 and press Enter, I get the person info of id=5, but the person of id=5 is NOT my friend. So how can I prevent this case (the user manually changing the page param in the URL)? Thank you very much in advance.
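The case described in the post, as an added example that is not part of the original post and is not Seam's own code: a lookup that trusts friendId from the URL next to one that checks it against the logged-in user's friend list on the server. The class, the method names and the in-memory data are hypothetical; in the application the check would sit wherever friendView.xhtml loads the person.

```java
import java.util.Map;
import java.util.Optional;
import java.util.Set;

public class FriendViewCheck {
    // Constructed sample data (hypothetical): person id -> name.
    static final Map<Integer, String> PEOPLE = Map.of(1, "me", 3, "Alice", 5, "Bob");
    // Constructed sample data (hypothetical): user id -> ids of that user's friends.
    static final Map<Integer, Set<Integer>> FRIENDS = Map.of(1, Set.of(3));

    // Behaviour described in the post: the id taken from the URL is used as-is,
    // so any existing person can be read by editing friendId.
    static Optional<String> loadUnchecked(int friendId) {
        return Optional.ofNullable(PEOPLE.get(friendId));
    }

    // Checked form: currentUserId must come from the server-side session,
    // never from the request, and the requested id must be in that user's
    // friend list before anything is loaded.
    static Optional<String> loadForUser(int currentUserId, int friendId) {
        Set<Integer> allowed = FRIENDS.getOrDefault(currentUserId, Set.of());
        if (!allowed.contains(friendId)) {
            // Same answer for "not your friend" and "no such person", so the
            // response does not reveal which ids exist.
            return Optional.empty();
        }
        return Optional.ofNullable(PEOPLE.get(friendId));
    }

    public static void main(String[] args) {
        int me = 1; // assumed to be the logged-in user's id from the session
        System.out.println("unchecked friendId=5: " + loadUnchecked(5));
        System.out.println("checked   friendId=3: " + loadForUser(me, 3));
        System.out.println("checked   friendId=5: " + loadForUser(me, 5));
    }
}
```

The page param itself stays editable by the user; the check has to run on every load of the page, not only when the link in the friend list is generated.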