• Post Reply Bookmark Topic Watch Topic
  • New Topic

Securing JSP  RSS feed

 
geofrey pony
Greenhorn
Posts: 15
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
In a web application how can I ensure that the jsp pages are protected from direct access from intruders?

My understanding is if we move all the jsp's inside the web-inf folder of the application they are automatically secure. Is there are any approach for resolving this?
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
What do you mean by direct access and what do you mean by intruder?

The code to a JSP is not accessible to the web, whether it's in the WEB-INF directory or not. Some of us like to keep our JSPs under WEB-INF to avoid the MVC architecture from being short circuited with a direct hit to the JSP from the web. This, typically, has less to do with security than with making sure the application works as intended.

What, specifically, are you trying to protect your app against?
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!