Is it secure to limit access to a backing bean action simply by using the 'rendered' attribute to control when it is displayed? Or is it possible for a malicious user to construct a URL that still invokes the backing bean method, even when the commandButton for it is not rendered for that user?
Thanks, -- Dave Brondsema Software Developer Cornerstone University
signature.asc
Description: OpenPGP digital signature