hibernate - Spring MVC + JPA - Binding/Updating Associated Entities -

-

Some of these questions relate to J.A.A., but more about approach than technology, so hopefully no advice Will be able to deliver.

I want to be in Spring MVC and Hibernate to bring a website into power which allows users to create products and make product descriptions. I have product edited, with bidirectional one-to-many relationships with ProductDescription.

If a form adds a frequency of the product when submitting the form, and all its product specifies the description, then a malicious user can enter the fake ID for ProductDescriptions and other users' data Can 'abduct' One solution for this will always be to make the producers new, so remove them when the form is submitted, and make them new every time. Due to the extra deletion and write operation it seems disqualified that the product will need to be updated every time (even if the product descriptors have not changed).

The 'ownership' of another option will be examined by the institutions before the child runs an update.

How do other people get this issue? Do most people delete / insert, or make selective updates?

Like submissions posted here, I am talking about: id = 1 name = My product description [0] .id = 123 details [0] .text = A beautiful description of my product description [0] .price = 100 Description [1] .id = 123 Description [1] .text = My other beautiful description Description of other language of the product [1] .price = 50

And an example of what I'm talking about: 

  public class products {@Id @GeneratedValue (strategy = GenerationType AUTO) Private Integer ID; @OneToMany (mapped = "product") private set & lt; ProductDescription & gt; description; The name of the private string; } Public Class Product Description {@Id @GeneratedValue (strategy = GenerationType.AUTO) Private Integer ID; Private integer value; @ManyToOne Personal Product Products; Private string text; }   
 
 If you are interested in adding security to your application I recommend using spring safety and with it you can check in the sublet if the user owns that product before updating his values.  
 In the same way we have done so far. Removes a bit of resources with server side checking, but by using the post, only advanced users can try to change the response header, so I do not think it is too much.  
 Try using session to validate the user without security, but the problem is that if the session is terminated then no one can change the product.  
 Cheers

Comments

Post a Comment

Popular posts from this blog

mysql - BLOB/TEXT column 'value' used in key specification without a key length -

-
I have developed an extension which works up to 1.6 on Magren (I'm trying Enterprise Edition, And I think the community is the same problem, because it is the same code). In my install script, I see the $ installer-> gt; CreateEntityTables ($ this- & gt; getTable ('alphanum / info')); The installation is done until it is not in the _text unit table. It crashed there! It turns out that when I log in to SQL and run it via PHPmyadmin, then this error is: Blob / Text column 'value' is used without the key 'key' . I saw the code there, and this is what is trying to create an index on the value column: -> addIndex ($ this- & gt; getIdxName ($ eavTableName, array ( 'attribute_id array (' attribute_id ',' value ')) - & gt; addIndex ($ this- & gt; getIdxName ($ eavTableName, array (' entity_type_id ' , 'Value')), array ('entity_type_id', 'value')) If there is no if statement is n...
Read more

c# - Using Vici cool Storage with monodroid -

-
Oh, for the moment I am not sure how it is officially supported, but for the success of the people Using Monodroid Vic Cool Storage I am able to leave and compile assemblies in my project, but while trying to use some classes, the errors of time have to be gathered. Especially when trying to connect like the example for Mono Touch string dbName = path. Cobain (environment. Gatefolder path (environment specialfolder personal), "mydb.db3"); // The following line will be called coolestation, where is the database, // to make it if it does not exist, and call a delegate that creates the necessary tables (only when the database file was newly created //) CSConfig.SetDB (DbName, true, () => {CSDatabase.ExecuteNonQuery ("Subscriber Integer Primary Key Attribute, Name Text (50) No, Number, Date First Text (30)");); There is no difference when I try to use the methods of CSConfig and when I cscfif If I try to pass 3 aggregates to STDB (3) then I get the invalid ...
Read more

python - referencing a variable in another function? -

-
I am an experienced TCL developer and write my own processes to help myself. I call it a proc i callVar, print out the value of the variable in a certain format, so I know that it is variable and what is the value "set foo 1; putVar foo" result 'foo = "1" I want to do the same thing in Python, but I can not find the answer :( In TCL I use the up command because when I pass the name of the variable, then I can see the value at the top. . I understand that an advanced light in the dragon There is no mechanism of r, but with its introspection capability, I would think that this is something trivial, but I am not getting the answer anywhere. It seems that this should work: and expanded: def foo (): y = "Hello World" printwor ("y") foo () y = "Hello World " You can, but you should not do so if your code is correct If is needed , then there is something wrong with your design, and you should probably use the dictionar...
Read more