
Security in JSP

 
colm o'donnell
Greenhorn
Posts: 17
Hi,

I was just wondering if anyone could tell me the security fall backs on JSP. I am trying to do a report on the differences in security between JSP and PHP. If anyone has experience in both and could compare them that would be even better.

thanks a million
Colm
 
Ulf Dittmer
Rancher
Posts: 42970
What do you mean by "security fall backs"? JSP apps are web apps like PHP apps, so the same problems and attack vectors apply. The security FAQ at http://faq.javaranch.com/java/SecurityFaq has some links on that.
 
Jimmy Clark
Ranch Hand
Posts: 2187
I was just wondering if anyone could tell me the security fall backs on JSP. I am trying to do a report on the differences in security between JSP and PHP. If anyone has experience in both and could compare them that would be even better.


JavaServer Pages are transformed into Java servlets by a component called a JSP Engine. This is a key component of a Java-based web server.

Any report that includes Java security API should mention (1) declarative security options available in various web containers and application servers, e.g. WebSphere, GlassFish, etc., (2) security as specified in the Java servlet specification, (3) security mechanisms implemented in the JRE which govern classloading, etc., (4) the Java Authentication and Authorization Service (JAAS) which provides an extensible security API well-suited for web applications.

There may be a few other security mechanisms available, but a report that covers the above should be comprehensive enough. Good luck!

JAAS Reference Documentation

PHP is a general-purpose scripting language for HTML browsers.

Java is a robust object-oriented programming language which includes API for building Web applications which are accessed via HTML browsers.
[ April 28, 2008: Message edited by: James Clark ]