Return-Path: Delivered-To: apmail-myfaces-users-archive@www.apache.org Received: (qmail 24337 invoked from network); 11 Sep 2006 19:23:02 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 11 Sep 2006 19:23:02 -0000 Received: (qmail 48913 invoked by uid 500); 11 Sep 2006 19:22:54 -0000 Delivered-To: apmail-myfaces-users-archive@myfaces.apache.org Received: (qmail 48813 invoked by uid 500); 11 Sep 2006 19:22:53 -0000 Mailing-List: contact users-help@myfaces.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "MyFaces Discussion" Delivered-To: mailing list users@myfaces.apache.org Received: (qmail 48775 invoked by uid 99); 11 Sep 2006 19:22:53 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 11 Sep 2006 12:22:52 -0700 X-ASF-Spam-Status: No, hits=0.5 required=10.0 tests=DNS_FROM_RFC_ABUSE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (asf.osuosl.org: domain of thunderaxiom@gmail.com designates 64.233.182.190 as permitted sender) Received: from [64.233.182.190] (HELO nf-out-0910.google.com) (64.233.182.190) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 11 Sep 2006 12:22:49 -0700 Received: by nf-out-0910.google.com with SMTP id x4so1389099nfb for ; Mon, 11 Sep 2006 12:22:28 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:disposition-notification-to:date:from:user-agent:mime-version:to:subject:references:in-reply-to:content-type; b=ChaEa7W3yRcAmVMBRv61yDXM2dmBpChAvTb16R8PzaLGjsO/LiMTmTTxwis5pyKjVx4S3DjGGyYpf26oHDdkKrJIhMiYiNJOMHMy22FlQ+cVwM3upLongxpwuC0y3yEW83EgE5CJxaGiDhXWqRK6q5aUFgb6B9bykFk8P7eeSag= Received: by 10.48.210.20 with SMTP id i20mr8529799nfg; Mon, 11 Sep 2006 12:22:27 -0700 (PDT) Received: from ?10.0.0.6? ( [62.66.224.229]) by mx.gmail.com with ESMTP id g1sm13297898nfe.2006.09.11.12.22.27; Mon, 11 Sep 2006 12:22:27 -0700 (PDT) Message-ID: <4505B76F.7050107@gmail.com> Date: Mon, 11 Sep 2006 21:22:23 +0200 From: =?ISO-8859-1?Q?Thorbj=F8rn_Ravn_Andersen?= User-Agent: Thunderbird 1.5.0.5 (Windows/20060719) MIME-Version: 1.0 To: MyFaces Discussion Subject: Re: SelectOneMenu References: <44D2FDF1.7040106@atanion.com> <00de01c6d588$a2aeefc0$0201a8c0@JARLIER> <311295120609110325l2ae04998yf006c2cba017eb7e@mail.gmail.com> In-Reply-To: <311295120609110325l2ae04998yf006c2cba017eb7e@mail.gmail.com> Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms010107080801040702070501" X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N This is a cryptographically signed message in MIME format. --------------ms010107080801040702070501 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit Gerald M�llan skrev den 11-09-2006 12:25: > > The value of the selectOneMenu in the backend will then include the id > of the entity. Just being curious. Will an malicious attempt to set the id to a value NOT in the list given (by handcrafting a response) be allowed to update the property in the bean, or will it be rejected as being invalid? -- Thorbj�rn --------------ms010107080801040702070501 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJFzCC AuYwggJPoAMCAQICEF7nl9Knx9n5jpRJTvj3sRAwDQYJKoZIhvcNAQEFBQAwYjELMAkGA1UE BhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMT I1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMB4XDTA2MDkwODEwMDM1MFoX DTA3MDkwODEwMDM1MFowSDEfMB0GA1UEAxMWVGhhd3RlIEZyZWVtYWlsIE1lbWJlcjElMCMG CSqGSIb3DQEJARYWdGh1bmRlcmF4aW9tQGdtYWlsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD ggEPADCCAQoCggEBANV0OmKdl0BxPI8XpSuQWJmzF6+rgIfkGx/M6Jzyn70JGLGU9QhALZu1 Feyp2dV3yp6464uoKfEKU4YqD5MVjnBhBFjucxd5qimfJ58SVN2ablrENBnRP+gjHBXiJbbp btQxZX3DuDWxbWzOJtRH+d8y1qFOtAN5+ia1RdEu22nEWaceBdvCg6BtNOlWUrUA2HbSDJzB n58S2RbL0xcWaCQoS3+MqDrovluGNLPMCgYkarEHIybZo72+KXL8da5bhOsI2NBc5+WxdXjx 6jHHfnraNZS0K0onXKSbRjCliivm3GZEDQGrq81Ka7GpeQNwP6yFZoGu6bYs4NwPvp0UbssC AwEAAaMzMDEwIQYDVR0RBBowGIEWdGh1bmRlcmF4aW9tQGdtYWlsLmNvbTAMBgNVHRMBAf8E AjAAMA0GCSqGSIb3DQEBBQUAA4GBAKKKtIQ1boRanFhguaMvMXrAIvozuhuNVc6VSeydUAdh narSFxSZSgMsFd4MSvZMpsMI5OCVthIjXobsUuHK+9/HHe+3DVipcKpo5gQPAVK4ErvFvzpX ZZ7PKNHvBOw3x/Pv8/feETuj2mKVdoXSGoFeBiHSz6K0htbNThA6mN89MIIC5jCCAk+gAwIB AgIQXueX0qfH2fmOlElO+PexEDANBgkqhkiG9w0BAQUFADBiMQswCQYDVQQGEwJaQTElMCMG A1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBl cnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0EwHhcNMDYwOTA4MTAwMzUwWhcNMDcwOTA4MTAw MzUwWjBIMR8wHQYDVQQDExZUaGF3dGUgRnJlZW1haWwgTWVtYmVyMSUwIwYJKoZIhvcNAQkB FhZ0aHVuZGVyYXhpb21AZ21haWwuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC AQEA1XQ6Yp2XQHE8jxelK5BYmbMXr6uAh+QbH8zonPKfvQkYsZT1CEAtm7UV7KnZ1XfKnrjr i6gp8QpThioPkxWOcGEEWO5zF3mqKZ8nnxJU3ZpuWsQ0GdE/6CMcFeIltulu1DFlfcO4NbFt bM4m1Ef53zLWoU60A3n6JrVF0S7bacRZpx4F28KDoG006VZStQDYdtIMnMGfnxLZFsvTFxZo JChLf4yoOui+W4Y0s8wKBiRqsQcjJtmjvb4pcvx1rluE6wjY0Fzn5bF1ePHqMcd+eto1lLQr SidcpJtGMKWKK+bcZkQNAaurzUprsal5A3A/rIVmga7ptizg3A++nRRuywIDAQABozMwMTAh BgNVHREEGjAYgRZ0aHVuZGVyYXhpb21AZ21haWwuY29tMAwGA1UdEwEB/wQCMAAwDQYJKoZI hvcNAQEFBQADgYEAooq0hDVuhFqcWGC5oy8xesAi+jO6G41VzpVJ7J1QB2GdqtIXFJlKAywV 3gxK9kymwwjk4JW2EiNehuxS4cr738cd77cNWKlwqmjmBA8BUrgSu8W/Oldlns8o0e8E7DfH 8+/z994RO6PaYpV2hdIagV4GIdLPorSG1s1OEDqY3z0wggM/MIICqKADAgECAgENMA0GCSqG SIb3DQEBBQUAMIHRMQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRIwEAYD VQQHEwlDYXBlIFRvd24xGjAYBgNVBAoTEVRoYXd0ZSBDb25zdWx0aW5nMSgwJgYDVQQLEx9D ZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMSQwIgYDVQQDExtUaGF3dGUgUGVyc29u YWwgRnJlZW1haWwgQ0ExKzApBgkqhkiG9w0BCQEWHHBlcnNvbmFsLWZyZWVtYWlsQHRoYXd0 ZS5jb20wHhcNMDMwNzE3MDAwMDAwWhcNMTMwNzE2MjM1OTU5WjBiMQswCQYDVQQGEwJaQTEl MCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3Rl IFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ AoGBAMSmPFVzVftOucqZWh5owHUEcJ3f6f+jHuy9zfVb8hp2vX8MOmHyv1HOAdTlUAow1wJj WiyJFXCO3cnwK4Vaqj9xVsuvPAsH5/EfkTYkKhPPK9Xzgnc9A74r/rsYPge/QIACZNenpruf ZdHFKlSFD0gEf6e20TxhBEAeZBlyYLf7AgMBAAGjgZQwgZEwEgYDVR0TAQH/BAgwBgEB/wIB ADBDBgNVHR8EPDA6MDigNqA0hjJodHRwOi8vY3JsLnRoYXd0ZS5jb20vVGhhd3RlUGVyc29u YWxGcmVlbWFpbENBLmNybDALBgNVHQ8EBAMCAQYwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMT EVByaXZhdGVMYWJlbDItMTM4MA0GCSqGSIb3DQEBBQUAA4GBAEiM0VCD6gsuzA2jZqxnD3+v rL7CF6FDlpSdf0whuPg2H6otnzYvwPQcUCCTcDz9reFhYsPZOhl+hLGZGwDFGguCdJ4lUJRi x9sncVcljd2pnDmOjCBPZV+V2vf3h9bGCE6u9uo05RAaWzVNd+NWIXiC3CEZNd4ksdMdRv9d X2VPMYIDZDCCA2ACAQEwdjBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1 bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElz c3VpbmcgQ0ECEF7nl9Knx9n5jpRJTvj3sRAwCQYFKw4DAhoFAKCCAcMwGAYJKoZIhvcNAQkD MQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMDYwOTExMTkyMjIzWjAjBgkqhkiG9w0B CQQxFgQUU8lj7TQEog1af3tLQaQvfFrXeMwwUgYJKoZIhvcNAQkPMUUwQzAKBggqhkiG9w0D BzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwIC ASgwgYUGCSsGAQQBgjcQBDF4MHYwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBD b25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFp bCBJc3N1aW5nIENBAhBe55fSp8fZ+Y6USU7497EQMIGHBgsqhkiG9w0BCRACCzF4oHYwYjEL MAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAq BgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBAhBe55fSp8fZ+Y6U SU7497EQMA0GCSqGSIb3DQEBAQUABIIBABepxH+HiOVisbOlKHaAhoWhoY1nzpc6n7ZqaA+K pqkO9QjbbLiNbuyy/TyVxZdL+mwMgYpZH8MqeAF0L7sizU0o+5cG57a9Ynr2PTZhEbWPTM1L cPve7KsACtMgGzlKJV2Qk62p3qWYFaST0iWDLgl9YA79K0KYfvH4kmiiY6J9e81o+o+B4x8H NP7ixAO96N+gWzEVw9r0h3tmSZIqcgcvW0EkOct/p0bAmzq6MRpP9E8trJgIq3zR5gGKZ4Y8 C4f3zBR5zUDh1un7v1HIvNp8PGdyayR1hpb4pzen+TkYZQeo+UPhzCdN/5upvPrKrhNQi7b+ si3tu6WpYVog/U8AAAAAAAA= --------------ms010107080801040702070501--