Re: Is JSP or Servlet more secure?

Becky Phaneuf Fri, 28 Feb 2003 14:28:59 -0800

That doesn't mean anything.  For example, it returned some hits because
of text like:

http://localhost/myJSPApp/Security/login.jsp

and

".... for virtually unassailable security. Back to top. ....
http://angels.mlb.com/NASApp/mlb/ana/help/ana_help_contact_us.jsp
...."

-B

>>> [EMAIL PROTECTED] 02/28/03 12:45PM >>>
Thanks for your quick response Mike. One reason I asked this question -
On
Google, Servlet+Security gives 258,000 hits, while JSP+Security nets
1,240,000 hits.

One reason could be that since JSPs are easier to use, and more is
written about it.

There was another reason it could be so (speculation follows). The
servlet
classes are put in WEB-INF that is only readable by server (at least
in
Tomcat).
JSPs are generally in HTML area that are easier to get to. Even
generated servlets
from JSPs land up in work directory, that may be easier to get to than
WEB-INF.
Just wondering whether this relatively easier access to source of JSPs
may be a
potential vulnerability.

das

Mike Silvers wrote:

>No.  The main difference is the ease of use for creating HTML
documents.
>The jsp makes it easier to create HTML documents.   When a jsp is
used, it
>is first compiled into a servlet and then used.
>
>Mike
>
>----- Original Message -----
>From: <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Sent: Friday, February 28, 2003 2:12 PM
>Subject: Is JSP or Servlet more secure?
>
>
>>For creating a totally new web site, is there any difference from
>>security point of view of using only servlets or using only JSPs?
>>
>>das
>>

___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the
body
of the message "signoff SERVLET-INTEREST".

Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html

LISTSERV Help: http://www.lsoft.com/manuals/user/user.html

___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".

Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html

Re: Is JSP or Servlet more secure?

Reply via email to