i've a page for user profile editing my User has a currentMoneyAmount property. in my JSF I show User.currentMoneyAmount as output text this is a edit screen , I am outjecting the properties to some SB and do em.merge(editedUser) can hacker or anyone else who knows seam make my page outject other properties as well like currentMoneyAmount? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3970994#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...