Thanks for your quick response Mike. One reason I asked this question - On Google, Servlet+Security gives 258,000 hits, while JSP+Security nets 1,240,000 hits.
One reason could be that since JSPs are easier to use, and more is written about it.
There was another reason it could be so (speculation follows). The servlet classes are put in WEB-INF that is only readable by server (at least in Tomcat). JSPs are generally in HTML area that are easier to get to. Even generated servlets from JSPs land up in work directory, that may be easier to get to than WEB-INF. Just wondering whether this relatively easier access to source of JSPs may be a potential vulnerability.
das
Mike Silvers wrote:
No. The main difference is the ease of use for creating HTML documents. The jsp makes it easier to create HTML documents. When a jsp is used, it is first compiled into a servlet and then used.
Mike
----- Original Message ----- From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, February 28, 2003 2:12 PM Subject: Is JSP or Servlet more secure?
For creating a totally new web site, is there any difference from security point of view of using only servlets or using only JSPs?
das
___________________________________________________________________________ To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html Resources: http://java.sun.com/products/servlet/external-resources.html LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
