[jboss-user] [JBoss Seam] - Issue on page param security

gus888 do-not-reply at jboss.com
Mon Feb 4 09:33:51 EST 2008


Hi,

After practicing with page params, I found that page params are very nice, especially their bidirectionality. However, I also found a security problem when using them. For example, I list all my friends, then I click on one of them and get the page param friendId=?, e.g. friendId=3. On the URL localhost/friendView.xhtml?friendId=3, if I manually change it to friendId=5 and press Enter, I will get the person info for id=5, but the person with id=5 is NOT my friend. So how can I prevent this case (a user manually changing the page param in the URL)? Thank you very much in advance.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4126181#4126181
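
The situation described in the post above, as an added example that is not part of the original message and is not Seam code: a lookup that trusts the `friendId` parameter, next to one that scopes the lookup to the logged-in user held in the server-side session. The class, method names and data are hypothetical and constructed for illustration; it is plain Java (16+) with no Seam APIs.

```java
import java.util.*;

// Added example: every name and record here is constructed for illustration.
public class FriendViewCheck {
    record Person(long id, String name) {}

    // Constructed sample data: person records and each user's friend ids.
    static final Map<Long, Person> PEOPLE = Map.of(
        1L, new Person(1, "me"),
        3L, new Person(3, "alice"),
        5L, new Person(5, "bob"));
    static final Map<Long, Set<Long>> FRIENDS = Map.of(1L, Set.of(3L));

    // Before: loads whatever record the friendId page parameter names.
    static Optional<Person> viewUnchecked(String friendIdParam) {
        return Optional.ofNullable(PEOPLE.get(Long.parseLong(friendIdParam)));
    }

    // After: the caller's identity comes from the server-side session,
    // never from the request, and the id must be in that user's friend set.
    static Optional<Person> viewChecked(long sessionUserId, String friendIdParam) {
        long friendId;
        try {
            friendId = Long.parseLong(friendIdParam);
        } catch (NumberFormatException e) {
            return Optional.empty();  // malformed or missing parameter
        }
        Set<Long> mine = FRIENDS.getOrDefault(sessionUserId, Set.of());
        if (!mine.contains(friendId)) {
            // Same result for "not my friend" and "no such id", so the
            // response does not reveal which ids exist.
            return Optional.empty();
        }
        return Optional.ofNullable(PEOPLE.get(friendId));
    }

    public static void main(String[] args) {
        long me = 1L;  // would be read from the authenticated session
        System.out.println(viewUnchecked("5"));    // edited id, no check
        System.out.println(viewChecked(me, "3"));  // own friend
        System.out.println(viewChecked(me, "5"));  // edited id, with check
        System.out.println(viewChecked(me, "x"));  // malformed parameter
    }
}
```

The check belongs in the code that loads the record, so it applies no matter how the request reached the page.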
