I have a jsf page which have inputHidden fields whose values are flags to other functionalities (for instance conditional popup display,...) in my application. I want to know is it safe to have those values in hidden fields cant they be tampered in request or elsewhere
Like as every other non-readonly/non-disabled input, they can be tampered.
If that's a concern, store those values in a view scoped bean instead.