Win a copy of Murach's Python Programming this week in the Jython/Python forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Hiding password  RSS feed

 
Raj Puri
Ranch Hand
Posts: 189
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I use JDBC to connect using connection object. But users can see the password if they view code from View--->source. How to prevent that in JSP?
 
Julian Kennedy
Ranch Hand
Posts: 823
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Rajesh,

Are you sure? What you see in the JSP is not what appears in the browser when you use View Source. Check it out. If the password definitely appears please post the HTML snippet.

Cheers

Jules
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 65826
134
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Even so, if the password is in a JSP, it can be too easily viewed.

It is madness to do this sort of operation in a JSP. Perform such operations in a servlet whose source can never be probed.
 
Jeroen Wenting
Ranch Hand
Posts: 5093
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
true. But if the password isn't passed as part of the generated HTML it's still not visible from a browser.
 
Julian Kennedy
Ranch Hand
Posts: 823
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
That's a very good point, Bear ... and, worryingly, one that hadn't actually occurred to me before! D'oh! :roll:

No panic, though, all my connection details are hidden well away from prying eyes.

Jules
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 65826
134
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
But if the password isn't passed as part of the generated HTML it's still not visible from a browser


Not from the browser HTML, but if the password is sitting in a JSP file that, I'm willing to bet, is not in a protected location, how secure is that?
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!