> How do you prevent an action from being called directly? I have an action
> that is used to render a menu response segment for the layout. I don't want
> people to be able to call it directly via a URL.
Where is the problem, if you don't publish a link, people cannot guess
the action name.. And even if they guess they only see a broken page,
no security exploits.
--
Giorgio Sironi
Piccolo Principe & Ossigeno Scripter
http://www.sourceforge.net/projects/ossigeno
没有评论:
发表评论