• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • paul wheaton
  • Liutauras Vilda
  • Ron McLeod
Sheriffs:
  • Jeanne Boyarsky
  • Devaka Cooray
  • Paul Clapham
Saloon Keepers:
  • Scott Selikoff
  • Tim Holloway
  • Piet Souris
  • Mikalai Zaikin
  • Frits Walraven
Bartenders:
  • Stephan van Hulst
  • Carey Brown

Security in JSP

 
Greenhorn
Posts: 17
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

I was just wondering if anyone could tell me the security fall backs on JSP. I am trying to do a report on the differences in security between JSP and PHP. If anyone has experience in both and could compare them that would be even better.

thanks a million
Colm
 
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
What do you mean by "security fall backs"? JSP apps are web apps like PHP apps, so the same problems and attack vectors apply. The http://faq.javaranch.com/java/SecurityFaq has some links on that.
 
Ranch Hand
Posts: 2187
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

I was just wondering if anyone could tell me the security fall backs on JSP. I am trying to do a report on the differences in security between JSP and PHP. If anyone has experience in both and could compare them that would be even better.



Java Server Pages are transformed into Java servlets by a component called a JSP Engine. This is a key component of a Java-based web server.

Any report that includes Java security API should mention (1) declarative security options available in various web containers and application servers, e.g. Websphere, Glassfish, etc., (2) security as specified in the Java servlet specification, (3) security mechanisms implemented in the JRE which govern classloading, etc., (4) the Java Authentication and Authorization Service (JAAS) which provides an extensible security API well-suited for web applications.

There may be a few other security mechanisms available, but a report that covers the above should be comprehensive enough. Good luck!

JAAS Reference Documentation

PHP is a general-purpose scripting language for HTML browsers.

Java is a robust object-oriented programming language which includes API for building Web applications which are accessed via HTML browsers.
[ April 28, 2008: Message edited by: James Clark ]
 
if you think brussel sprouts are yummy, you should try any other food. And this tiny ad:
Smokeless wood heat with a rocket mass heater
https://woodheat.net
reply
    Bookmark Topic Watch Topic
  • New Topic