I made a post to the mailing list last week about this exact problem: a method of limiting certain actions (or parameters of an action) to internal calls only.
I believe I have solved the solution by using a 'secureParam' class, as per my reply [to my own post ;)]: http://www.nabble.com/Securely-sending-information-between-actions-td20727566.html#a20727566. I havent had time to try it yet, but afaik, it should work fine. Any other guidance if anyone has any other suggestions would be appreciated. T On Mon, Dec 1, 2008 at 04:03, Thorsten Ruf <[EMAIL PROTECTED]> wrote: > The main problem with view action helpers is, you (the user) can access the > action simply by accessing the appropiate url, too. The access can not be > restricted in any way. I was looking for a alternative to grant access only > to "internal" access. Maybe Matthew can say something about handling such a > requirement? > > >
