StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POWhich properties in a JSF backing bean can be set by a user?
primarykey
Id
17685804
data
AcceptedAnswerId
17698757
AnswerCount
1
ClosedDate
CommentCount
0
CommunityOwnedDate
CreationDate
2013-07-16T19:56:02.860
FavoriteCount
1
LastActivityDate
2013-07-17T11:36:26.337
LastEditDate
2013-07-16T20:30:33.193
LastEditorUserId
985621
OwnerUserId
985621
ParentId
0
PostTypeId
1
Score
2
ViewCount
552
LastEditorDisplayName
text
Body
I have a backing bean (<code>somebean</code>) with three boolean properties <code>a</code>, <code>b</code>, and <code>c</code>, each has a getter and setter. I have a form which looks like this: <pre><code><h:outputText rendered="#{somebean.b}"> B is true </h:outputText> <h:form id="blah"> <h:inputHidden value="#{somebean.a}" id="a"/> <h:commandLink id="zzzz" value="do it" action="#{somebean.doIt}"/> </h:form> </code></pre> Which of the three properties <code>a</code>, <code>b</code>, and <code>c</code> can be set by the client? I tried adding <code>b=true</code> and <code>c=true</code> to the POST request, but <code>SomeBean.setB(boolean)</code> and <code>SomeBean.setC(boolean)</code> never get called. So perhaps only <code>a</code> can be set - the logic being that if there is a field in the JSF that sets it, the client is allowed to set it. But perhaps I'm wrong and it just has some default name that I don't know about that can be used to set it... Should I just assume that any property on my bean can be set by the client? If not, which ones should I assume the client can set (and thus have to worry about during validation)? Also what happens if I have my form conditionally rendered? e.g: <pre><code><h:outputText rendered="#{somebean.b}"> <h:form id="blah"> <h:inputHidden value="#{somebean.a}" id="a"/> <h:commandLink id="zzzz" value="do it" action="#{somebean.doIt}"/> </h:form> </h:outputText> </code></pre> In this case, can <code>a</code> still be set if <code>b</code> is false? <hr> By "client", I mean anything sending HTTP traffic to my site. Which could be for example, malicious code.
Tags
<java><security><jsf>
Title
Which properties in a JSF backing bean can be set by a user?
singulars
PostAcceptedAnswerId
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USmegazord
UserOwnerUserId
1. USmegazord
plurals
PostLinksPostIdRelatedPostId
1. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
2. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
PostLinksRelatedPostIdPostId
1. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
2. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 POWhich properties in a JSF backing bean can be set by a user?
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
2. VO
 singulars
 PostPostId
 POWhich properties in a JSF backing bean can be set by a user?
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
3. VO
 singulars
 PostPostId
 POWhich properties in a JSF backing bean can be set by a user?
 UserUserId
 USDog
 VoteTypeVoteTypeId
 VTFavorite
CommentsPostId
1. This table or related slice is empty.

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.