Hi all,
I've just read about Seam,
and if I understand it right,
creation of a Conversation is done by annotation, so it's not an
automatic decision of the framework
but just a developer decision in action code to create a conversation.


>> Unlikely in an Intranet environment perhaps, but there are a lot of nasty
>> people on the internet who *could* programmatically attack your
>> application.
>> Whether you worry about that depends I suppose on the sensitivity of your
>> web application.

One thing is to have self-sufficient forms.
Another thing is authorization - totally different story.


>> And how do you avoid using the session - shoving everything into request
>> scope and returning it
>> through hidden fields is insecure ...

I'm not saying not to use the session at all,
what I'm saying is, when a user submits a form by POST,
the action need not fetch any extra data except the user himself from
the session to perform an update of the edited object.


Best greetings,
Paweł Wielgus.
