> Another similar case in
> applications/ecommerce/webapp/ecommerce/customer/editcreditcard.ftl
> which contains
>
> <input type="hidden" name="paymentMethodId" value="${paymentMethodId}">
>
> And this application is designed for public use. What am I missing here?
>
> Regards,
>
> Vinay Agarwal
>
> -----Original Message-----
> *From:* Vinay Agarwal [mailto:[hidden email]]
> *Sent:* Friday, February 10, 2006 8:17 AM
> *To:* 'OFBiz Users / Usage Discussion'
> *Subject:* Hidden partyId - Security Risk?
>
> Hello,
>
> While going through credit card entry ftl’s, I came across
> applications/party/webapp/partymgr/party/editcreditcard.ftl which
> contains the following line
>
> <input type="hidden" name="partyId" value="${partyId}"/>
>
> I could be missing something here, but it sure looks like a security
> risk to me. Granted that this ftl is probably designed to be used only
> for Party Manager part of Webtools and not for a “public” application,
> but even that is not a good thing from code reuse point of view.
>
> Regards,
>
> Vinay Agarwal
>
>------------------------------------------------------------------------
>
>
>_______________________________________________
>Users mailing list
>[hidden email]
>http://lists.ofbiz.org/mailman/listinfo/users
>