The use of hidden fields to avoid the user changing those fields is a security risk. You are still getting all the fields from the client's side, so the user or somebody else (through a man-in-the-middle attack) is still able to change the value of those fields.

Sent via BlackBerry from T-Mobile

-----Original Message-----
From: Marco Schwarz <marco.schw...@cioppino.net>
Date: Fri, 11 Nov 2011 23:16:24
To: Struts Users Mailing List<user@struts.apache.org>
Reply-To: "Struts Users Mailing List" <user@struts.apache.org>
Subject: Re: <s:textfield /> Beginner question

Hi,

hidden tags and plain text solve my problem ... I find, when I disable
components via jquery, client side I'm sure to find the same problem :-(

Thanks
Marco

On Fri, Nov 11, 2011 at 11:06 PM, Dave Newton <davelnew...@gmail.com> wrote:
> I'd either:
>
> (a) Not render it as a text field, but rather as plain text, or
> (b) Include a hidden field if the user can't edit it.
>
> There are probably other options too.
>
> Dave
>
> On Fri, Nov 11, 2011 at 5:00 PM, Marco Schwarz
> <marco.schw...@cioppino.net> wrote:
>> Hi,
>>
>> that's I understand... but I disable fields because a user doesn't
>> have right to change the value... and after submit the entity is
>> incomplete.
>>
>> Is there a better method to do that?
>>
>> Thanks
>> Marco
>>
>> On Fri, Nov 11, 2011 at 10:53 PM, Dave Newton <davelnew...@gmail.com> wrote:
>>> Oh, I misunderstood; I thought you meant the rendered HTML.
>>>
>>> Chris is correct; disabled field values aren't sent by the browser.
>>>
>>> Sorry!
>>>
>>> On Fri, Nov 11, 2011 at 4:47 PM, Dave Newton <davelnew...@gmail.com> wrote:
>>>> Probably because it doesn't need to.
>>>>
>>>> Dave
>>>>
>>>> On Fri, Nov 11, 2011 at 4:43 PM, Marco Schwarz
>>>> <marco.schw...@cioppino.net> wrote:
>>>>> Hi,
>>>>>
>>>>> I'm new in this mailing list.
>>>>>
>>>>> I have a question (simple) Why a textfield disabled="true" doesn't set
>>>>> his value to my object? When I set disabled="false" it works fine.
>>>>>
>>>>> Thanks
>>>>> Marco
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
>>>>> For additional commands, e-mail: user-h...@struts.apache.org
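
An added example, not part of the original thread and not Struts code: one way to handle the point raised in the top reply is to start from the stored entity on the server and copy over only the parameters the caller's role may edit, so a tampered hidden field is ignored and the entity is never incomplete. The `Account` class, its field names and the role names are assumptions made for illustration.

```java
import java.util.*;

public class ReadOnlyFieldMerge {
    // Hypothetical entity; the field names are assumptions for illustration.
    static class Account {
        String displayName; String email; String role;
        Account(String d, String e, String r) { displayName = d; email = e; role = r; }
        public String toString() { return displayName + " / " + email + " / " + role; }
    }

    // Fields each caller role may change; everything else is read-only for that caller.
    static final Map<String, Set<String>> EDITABLE = Map.of(
        "user",  Set.of("displayName"),
        "admin", Set.of("displayName", "email", "role"));

    // Start from the stored entity and apply only permitted parameters.
    // Returns the names of submitted parameters that were ignored, for logging.
    static List<String> merge(Account stored, Map<String, String> params, String callerRole) {
        Set<String> allowed = EDITABLE.getOrDefault(callerRole, Set.of());
        List<String> rejected = new ArrayList<>();
        for (Map.Entry<String, String> p : new TreeMap<>(params).entrySet()) {
            if (!allowed.contains(p.getKey())) { rejected.add(p.getKey()); continue; }
            switch (p.getKey()) {
                case "displayName": stored.displayName = p.getValue(); break;
                case "email":       stored.email = p.getValue(); break;
                case "role":        stored.role = p.getValue(); break;
            }
        }
        return rejected;
    }

    public static void main(String[] args) {
        // Constructed sample: the record as loaded server-side, not rebuilt from the form.
        Account stored = new Account("Marco", "marco@example.test", "user");
        // Constructed request: the hidden "role" field was altered before submit.
        Map<String, String> params = new HashMap<>();
        params.put("displayName", "Marco S.");
        params.put("role", "admin");
        List<String> rejected = merge(stored, params, "user");
        System.out.println(stored);
        System.out.println("ignored: " + rejected);
    }
}
```

The caller's role must come from the server-side session, never from a request parameter, and a non-empty rejected list is worth logging as a sign that a read-only field was submitted.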