- Hibernate review for SQL injection,
- Ensure hashCode() & equals() do not have colllections & that for comparison they use getters
- Errors that are db based don't short Hibernate message
- remove/compile out the object (now hidden as a div)
*/admin has also httpauth?
- allow certain screens to auto refresh to ensure admin stays logged in
*username for public is email address
- admin check that a username with email address != admin
*tax invoice as pdf
*email annivrsary
order status based on surname/email/postcode and orderid
*order status auto refresh for admin
Order: address,name,delivery instructions, card, date/time
