This week's giveaway is in the Java/Jakarta EE forum. We're giving away four copies of Java EE 8 High Performance and have Romain Manni-Bucau on-line! See Do you mean "from the JSP (really servlet) as it executes"? If so, you are already running on the server. Or do you mean "from the browser"? If so, I don't see what JSP has to do with this: JSP doesn't run in the browser and doesn't affect the kind of content that can. Can you clarify what you mean, please? Cheers- - Marty
Hello Marty, I mean from the browser. I used "JSP" since I was handling login functions in the JSP. To rephrase the question, what would be the security issues when allowing a user to "telnet" to the webserver from the browser? I am trying to do this by an available telnet applet "JTA". Is this a good practice at all? I know I have not seen browsers allowing users to telnet to any servers... but i wanted to know what the security issues are before ruling out this completely... Thanks RHP
Actually, I think what you mean is you're trying to run a telnet session via a web browser. Telnet security from client to server is low. UserID and password are not encrypted. However, if you're having the user type stuff into an input control in an HTML page (or an equivalent structure in an applet), then the back-end security isn't so important. Instead what's important is the ability to secure the actual web page that the end-user's going to be using. Telnet, BTW isn't all that well suited for use over HTTP. It's not totally synchronous, and even in cases where it is, the response time for a telneted app may exceed the browser's timeout limit which could potentially lead to all sorts of confusion.
An IDE is no substitute for an Intelligent Developer.