I was just wondering if anyone could tell me the security fall backs on JSP. I am trying to do a report on the differences in security between JSP and PHP. If anyone has experience in both and could compare them that would be even better.
Java Server Pages are transformed into Java
servlets by a component called a JSP Engine. This is a key component of a Java-based web server.
Any report that includes Java security API should mention (1) declarative security options available in various web containers and application servers, e.g. Websphere, Glassfish, etc., (2) security as specified in the Java servlet specification, (3) security mechanisms implemented in the JRE which govern classloading, etc., (4) the Java Authentication and Authorization Service (JAAS) which provides an extensible security API well-suited for web applications.
There may be a few other security mechanisms available, but a report that covers the above should be comprehensive enough. Good luck!
JAAS Reference Documentation PHP is a general-purpose scripting language for HTML browsers.
Java is a robust object-oriented programming language which includes API for building Web applications which are accessed via HTML browsers.
[ April 28, 2008: Message edited by: James Clark ]