|
|
Recommended: Sing it, brah! 5 fabulous songs for developers
JW's Top 5
Featured White Papers
- Measuring Risk to Improve Java Software Quality
- Do You Really Get Classloaders?
- Pragmatic Continuous Delivery with Jenkins, Nexus, and LiveRebel
- Your Next Java Web App: Less XML, No Long Restarts, Fewer Hassles
- Coding with JRebel, Java Forever Changed
- 2012 Developer Productivity Report: Java Tools, Tech, Devs, and Data
Sponsored Links
-
Graph databases are 1000x faster than relational.
Learn More!
-
Career opportunities at Harman- Careers That'll Rock Your Socks Off.
Learn More!
-
Developer-friendly Java PDF libraries by Qoppa Software
Live Demos
-
Stop blaming your app! Diagnose Java performance issues.
Free tool >
-
UrbanCode: Go From Continuous Integration to
Continuous DeliveryLearn More!
Hidden Form fields-Alternatives
Submitted by pushpendra_82 on Tue, 03/02/2010 - 08:43.
Hi, It's been established that Hidden form fields are insecure to use in web applications.
Now my question is what all are the alternatives do we have before if we want to avoid (eliminate) the usage of hidden form fields.
For example one have typical we application where user searches the employee and gets the tabular result with one Action column where number of option will be provided like EDIT/DELETE/VIEW.
Now in order to open edit one have to pull that record from the database and open the editable form for the user.
Here the problem starts, now we normally keep some unique value of that employee record there in the hidden field so that at server side the exact database record can be updated.
Surely, this hidden variable can easily tempered and in turn will lead to wrong database update.
Please suggest.
About Us | Advertise | Contact Us | Terms of Service/Privacy | AdChoices
Copyright, 2006-2013 Infoworld, Inc. All rights reserved.