#spring
miha-x64

11/12/2016, 6:50 PM
Hmm, I have a question… For example, I've got a model:
@Entity
public class Something {
    @Id
    @GeneratedValue(generator = "uuid2")
    @GenericGenerator(name = "uuid2", strategy = "uuid2")
    public UUID id;

    @NotNull @Column(columnDefinition = "TEXT")
    public String text;
}
, a form with the only field `text`, and a controller method:
String addSomething(@ModelAttribute Something something) { somethingRepository.save(something); }
If a user adds `id=00000000-0000-0000-0000-000000000000` to his request, and a model with such an id already exists, will Hibernate update the existing model? How can we close this security hole? Actually, we could null out all fields that are not in the form, but it is awful.