[jboss-user] [JBoss Seam] - Re: Beginning conversations in @Factory methods

iradix do-not-reply at jboss.com
Wed Jul 12 16:17:50 EDT 2006


anonymous wrote : You could reload the object when the conversation starts? 

I'm not sure I follow.

anonymous wrote : If this ID is being added as a request param please make sure that it's a non-important ID (ie, not a DB key). If it is, you run the risk of a malicious user accessing or possibly updating data they shouldn't via manipulation of this request param.

I've got to agree with the captain on this one :)  Passing an id is the way I've always done this in the past, but the security concerns/workarounds are a good reason for the JSF DataModel usage in the first place.  In order for the DataModel to work however, it needs to stay consistent between the rendered response and the postback.  I can't serialize it, so it seems to make sense that I would store it in the conversation, which means starting the conversation from the page that requests the @DataModel.

CptnKirk, do you have a different method for handling this?

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3957517#3957517

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3957517
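
The trade-off discussed in this message, as an added example that is not part of the original post: plain Java with no Seam or JSF API, using hypothetical names and a constructed order table. It contrasts looking up a request-supplied DB key with resolving a row index against a list kept server-side, and shows why that list has to be the same one at render and at postback.

```java
import java.util.*;

// Added illustration in plain Java; every name here is hypothetical and no Seam/JSF class is used.
public class RowSelectionDemo {
    // Constructed sample table: order id (DB key) -> owner, ordered by key.
    static final Map<Integer, String> ORDERS = new TreeMap<>();
    static {
        ORDERS.put(101, "alice");
        ORDERS.put(102, "bob");
        ORDERS.put(103, "alice");
    }

    // Pattern 1: the DB key arrives as a request parameter and is looked up as-is.
    static String loadByRequestId(int idFromRequest) {
        String owner = ORDERS.get(idFromRequest);
        return owner == null ? "not found" : "order " + idFromRequest + " (owner " + owner + ")";
    }

    // The rows one user is allowed to see, as they would be listed on the page.
    static List<Integer> rowsFor(String user) {
        List<Integer> ids = new ArrayList<>();
        for (Map.Entry<Integer, String> e : ORDERS.entrySet())
            if (e.getValue().equals(user)) ids.add(e.getKey());
        return ids;
    }

    // Pattern 2: the client sends only a row index; it is resolved against a server-held list.
    static String selectRow(List<Integer> serverSideRows, int rowIndex) {
        if (rowIndex < 0 || rowIndex >= serverSideRows.size()) return "rejected";
        return loadByRequestId(serverSideRows.get(rowIndex));
    }

    public static void main(String[] args) {
        // alice changes the id parameter to a key that was never rendered for her.
        System.out.println("tampered id:      " + loadByRequestId(102));

        // Stand-in for conversation state: the list is built once at render time and kept.
        List<Integer> kept = rowsFor("alice");
        System.out.println("index in range:   " + selectRow(kept, 1));
        System.out.println("index tampered:   " + selectRow(kept, 5));

        // A row is inserted between render and postback.
        ORDERS.put(100, "alice");
        // Rebuilding the list on postback shifts the rows, so the same index hits another order;
        // the kept list still resolves to the row the user actually clicked.
        System.out.println("rebuilt on post:  " + selectRow(rowsFor("alice"), 1));
        System.out.println("kept in convo:    " + selectRow(kept, 1));
    }
}
```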


