Your security issues are mostly handled on how you are granting public user access to the objects behind your pages. All code and whatnot is managed within Salesforce's infrastructure and is secure from that standpoint.
However - your usual suspects still should be accounted for when publishing functionality publicly on the web:
Make sure that if you're providing some kind of functionality where you are creating SOQL queries based off of user input, that they are protected in such a way to prevent SOQL injection attacks
Don't expose more objects to the public user's profile than absolutely necessary
Don't put any static information in your VF page or Controller that you wouldn't want posted up for anyone to see (usernames, passwords, anything like that)
Force.com sites comprise several Visualforce pages. If you can have lookup fields in VF pages, then it is the same for Force.com sites.
Or am I not understanding your question right?
Thanks.
I know it's possible in a VF page. But I want to know if anyone has exposed lookup fields in Force.com sites. Are there any security issues with it?
Your security issues are mostly handled on how you are granting public user access to the objects behind your pages. All code and whatnot is managed within Salesforce's infrastructure and is secure from that standpoint.
However - your usual suspects still should be accounted for when publishing functionality publicly on the web:
-Andy
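
The SOQL injection point from the answer above, as an added example that is not part of the original thread: a lookup-search controller for a public site page, with the concatenated query beside two hardened forms. The class name, properties, the Account object and the sortable-field list are assumptions made for illustration.

```apex
// Hypothetical controller behind a public Force.com site lookup page.
// "with sharing" keeps record visibility tied to the guest user's sharing rules.
public with sharing class PublicLookupController {
    public String searchTerm { get; set; }   // bound to an <apex:inputText>
    public String sortField  { get; set; }   // chosen by the visitor
    public List<Account> results { get; private set; }

    // Assumed allowlist: identifiers cannot be bound, so they are matched, never echoed.
    private static final Set<String> SORTABLE = new Set<String>{ 'Name', 'CreatedDate' };

    // WEAK: input is concatenated into the query text, so a quote character
    // in searchTerm changes the structure of the WHERE clause.
    public void searchUnsafe() {
        results = Database.query(
            'SELECT Id, Name FROM Account WHERE Name LIKE \'%' + searchTerm + '%\' LIMIT 50');
    }

    // HARDENED: static SOQL with a bind variable; the input is only ever data.
    public void search() {
        results = new List<Account>();
        if (!hasUsableTerm()) { return; }    // no unbounded listing for guests
        String likeTerm = '%' + searchTerm.trim() + '%';
        results = [SELECT Id, Name FROM Account
                   WHERE Name LIKE :likeTerm
                   WITH SECURITY_ENFORCED    // fails if the profile lacks object/field access
                   LIMIT 50];
    }

    // HARDENED, dynamic SOQL: escape the value, allowlist the identifier.
    public void searchSorted() {
        results = new List<Account>();
        if (!hasUsableTerm()) { return; }
        String orderBy = SORTABLE.contains(sortField) ? sortField : 'Name';
        String safeTerm = String.escapeSingleQuotes(searchTerm.trim());
        results = Database.query(
            'SELECT Id, Name FROM Account WHERE Name LIKE \'%' + safeTerm + '%\'' +
            ' WITH SECURITY_ENFORCED ORDER BY ' + orderBy + ' LIMIT 50');
    }

    // Reject empty and one-character searches before any query runs.
    private Boolean hasUsableTerm() {
        return String.isNotBlank(searchTerm) && searchTerm.trim().length() >= 2;
    }
}
```

The query selects only Id and Name, which matches the advice above about exposing no more to the public user's profile than necessary.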