• Post Reply Bookmark Topic Watch Topic
  • New Topic

Security issues with JSPs

 
Ram Gokul
Ranch Hand
Posts: 85
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
JSP gurus ,

I dont want to deploy JSP file out there on our client site . ( Mainly due to security but also due to performance ). I want the App server to use the precompiled class just like any other servlet class .

How do i do this ?

( I achieved this by using some global properties on my App server , but the moment i remove my JSPs , my application collapses as Welcome files lists are not working .)

Thanks
 
Jaikiran Pai
Sheriff
Posts: 10447
227
IntelliJ IDE Ubuntu
 
Cameron Wallace McKenzie
author and cow tipper
Saloon Keeper
Posts: 4968
1
Hibernate Spring Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'd like to know what your concerns are with JSP files. Seems like you're a little coy with components that the industry has wholeheartedly endorsed. Are you just worried about people seeing your scripts in your JSP?

Are you worried about clients downloading your JSP files from the war? You can certainly secure JSPs in the same manner you secure Servlets - just name them in the web.xml file and shove them behind the web-inf directory.

Tell us your fears - let us dispell them!
[ August 27, 2006: Message edited by: Bear Bibeault ]
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!