Explicit backend validation needed for readonly components? [jmix 1.x]

Hi jmix community,

In our application there are some form fields which we set to enable=false. As an example, we have a checkbox group configured like this:

<checkBoxGroup ... enable="false" />

We were now wondering if a malicious actor could find out how the communication between frontend and backend is working (i.e. the Vaadin RPC mechanism) and then set values for these checkboxes even if they are supposed to be read-only.

So in the end this leads to the question: Do we need to write an explicit validation to check if a readonly field has been changed by the user? Or is this something jmix and Vaadin are taking care of?

Unfortunately, I wasn’t able to find this information in either the Vaadin docs or the jmix docs. That’s why I’d like to ask if someone knows more about this topic and maybe also has some links to docs that describe this topic in depth.

Thank you in advance!

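The explicit backend check the question asks about, as an added example that is not part of the original post and is not Jmix or Vaadin code: plain Java that compares the stored entity with the submitted one on the server, without consulting the UI's enabled state. `ReadOnlyGuard`, `Order` and the attribute names are hypothetical.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.function.Function;

// Hypothetical guard (not a Jmix or Vaadin API): the server decides which
// attributes are read-only and rejects a save that changes any of them.
public class ReadOnlyGuard<T> {
    private final Map<String, Function<T, Object>> protectedAttrs = new LinkedHashMap<>();

    public ReadOnlyGuard<T> protect(String name, Function<T, Object> getter) {
        protectedAttrs.put(name, getter);
        return this;
    }

    // Names of protected attributes whose submitted value differs from the stored one.
    public List<String> violations(T stored, T submitted) {
        List<String> changed = new ArrayList<>();
        protectedAttrs.forEach((name, getter) -> {
            if (!Objects.equals(getter.apply(stored), getter.apply(submitted))) {
                changed.add(name);
            }
        });
        return changed;
    }

    // Call on the server before saving; throws if a protected attribute was modified.
    public void verify(T stored, T submitted) {
        List<String> changed = violations(stored, submitted);
        if (!changed.isEmpty()) {
            throw new IllegalStateException("Read-only attributes changed: " + changed);
        }
    }

    // Constructed sample entity for the demonstration.
    static class Order {
        final String customer; final Set<String> flags;
        Order(String customer, Set<String> flags) { this.customer = customer; this.flags = flags; }
    }

    public static void main(String[] args) {
        ReadOnlyGuard<Order> guard = new ReadOnlyGuard<Order>().protect("flags", o -> o.flags);
        Order stored = new Order("ACME", Collections.singleton("APPROVED"));
        // Only the editable attribute differs, so no exception is thrown.
        guard.verify(stored, new Order("ACME Ltd", Collections.singleton("APPROVED")));
        Order forged = new Order("ACME", new HashSet<>(Arrays.asList("APPROVED", "PAID")));
        System.out.println(guard.violations(stored, forged));
    }
}
```

The stored entity passed to `verify` has to be reloaded from the data store on the server, not taken from state the client could have influenced.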