Re: Users - Hidden partyId - Security Risk?

Posted by Andrew Sykes on
URL: http://ofbiz.116.s1.nabble.com/Users-Hidden-partyId-Security-Risk-tp137366p137380.html

Vinay,

As a hacker, which I'm sure you're not, what would you actually do with
that data?

On Fri, 2006-02-10 at 08:23 -0800, Vinay Agarwal wrote:

> Another similar case in
> applications/ecommerce/webapp/ecommerce/customer/editcreditcard.ftl
> which contains
>
>         <input type="hidden" name="paymentMethodId" value="${paymentMethodId}">
>
> And this application is designed for public use. What am I missing
> here?
>
> Regards,
>
> Vinay Agarwal
>
> -----Original Message-----
> From: Vinay Agarwal [mailto:[hidden email]]
> Sent: Friday, February 10, 2006 8:17 AM
> To: 'OFBiz Users / Usage Discussion'
> Subject: Hidden partyId - Security Risk?
>
> Hello,
>
> While going through credit card entry ftl’s, I came across
> applications/party/webapp/partymgr/party/editcreditcard.ftl which
> contains the following line
>
> <input type="hidden" name="partyId" value="${partyId}"/>
>
> I could be missing something here, but it sure looks like a security
> risk to me. Granted that this ftl is probably designed to be used only
> for Party Manager part of Webtools and not for a “public” application,
> but even that is not a good thing from code reuse point of view.
>
> Regards,
>
> Vinay Agarwal
>
>
>  _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.ofbiz.org/mailman/listinfo/users
--
Kind Regards
Andrew Sykes <[hidden email]>
Sykes Development Ltd
http://www.sykesdevelopment.com

_______________________________________________
Users mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/users
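The concern raised in the thread is that a hidden `partyId` or `paymentMethodId` is just another request parameter the browser can change. Below is an added example, not code from the thread or from OFBiz, modelling in plain Python the server-side ownership check that makes such a hidden id harmless: the acting party is taken from the authenticated session, and the referenced record must belong to that party before it is edited. The record store, party ids and function names are all constructed for the example.

```python
"""Ownership check for a hidden record id (constructed example, not OFBiz code).

A hidden <input> is only a request parameter; the server must not infer who the
caller is from it, nor assume the caller is allowed to touch the record it names.
"""
from dataclasses import dataclass


class Forbidden(Exception):
    """Raised when a request references a record the caller does not own."""


@dataclass
class PaymentMethod:
    payment_method_id: str
    party_id: str            # owning party of the stored card
    card_number_masked: str


# Constructed sample data: two parties, each with one stored card.
PAYMENT_METHODS = {
    "PM10001": PaymentMethod("PM10001", "PARTY_A", "****1111"),
    "PM10002": PaymentMethod("PM10002", "PARTY_B", "****2222"),
}


def update_card_trusting_form(form: dict, new_masked: str) -> PaymentMethod:
    """Weak pattern: partyId and paymentMethodId are taken straight from hidden fields.

    Nothing ties the submitted partyId to the logged-in user, and nothing checks
    that the paymentMethodId belongs to that party, so any record can be edited.
    """
    pm = PAYMENT_METHODS[form["paymentMethodId"]]
    pm.card_number_masked = new_masked
    return pm


def update_card_checked(session_party_id: str, form: dict, new_masked: str) -> PaymentMethod:
    """Hardened pattern: the owner comes from the session and the record must match it."""
    pm = PAYMENT_METHODS.get(form["paymentMethodId"])
    if pm is None or pm.party_id != session_party_id:
        # One response for "missing" and "not yours", so ids cannot be enumerated
        # by telling the two cases apart.
        raise Forbidden("payment method not available to this party")
    pm.card_number_masked = new_masked
    return pm
```

The hidden `paymentMethodId` can stay in the form for convenience; what changes is that the server re-derives ownership on every request instead of trusting the field.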