miha-x64
11/12/2016, 6:50 PM@Entity
public class Something {
@Id
@GeneratedValue(generator = "uuid2")
@GenericGenerator(name = "uuid2", strategy = "uuid2")
public UUID id;
@NotNull @Column(columnDefinition = "TEXT")
public String text;
}
, a form with the only field text
, and a controller method:
String addSomething(@ModelAttribute Something something) { somethingRepository.save(something); }
If a user adds id=00000000-0000-0000-0000-000000000000
to his request, and a model with such id already exists, will Hibernate update an existing model? How we can close this security hole?