
Is using the JSTL SQL tag secure?

 
adeeb alexander
Ranch Hand
Posts: 268
Hi.
I would like to know whether using the JSTL SQL tag is secure or not. Using it is very easy, so can I opt for it? Moreover,

if not, suggest something else to me.



Thanks and Regards.
Adeeb
 
Tim Moores
Bartender
Posts: 2946
You absolutely, positively, should not use it. JSPs are for generating textual views; DB access code has no place in them. It was a poor decision on the part of the JSTL designers to include that. You should read up on the MVC pattern to learn why that is.
 
adeeb alexander
Ranch Hand
Posts: 268
Are there any serious security issues with it? Actually, I have done it with a servlet too and passed an ArrayList to the JSP. In the code below, see how the rows are accessed; it's easy, like row.name, where name is a column of the DB. In the other case, i.e. using a servlet and passing the data to the JSP to view, I am unable to do that; I mean I get an error while trying to use row.name. That is silly, but I am not able to understand it. In the case of the servlet, I am adding the content to the list in this way.



And when I am trying to use the code below to view it, only in the case of using the ArrayList data it's not working, whereas it works fine with the JSTL sql tag. I would like to know how to add data to that ArrayList so that I could access it in the way below. Thanks.

 
Tim Moores
Bartender
Posts: 2946
The JSTL tag isn't any less secure than DB code written in servlets or backing beans, provided you take the same care (like protecting from SQL injection, parameter fiddling, DoS attacks etc.). JSPs are just a simplified form of writing servlets, after all.
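As an added example (not code from this thread), here is the servlet-side alternative the replies point to: a small DAO that runs the query through a PreparedStatement, so the request parameter never becomes part of the SQL text, and returns each row as a Map keyed by column label, which is what the JSTL Result object hands to `${row.name}` and why a list of plain arrays or strings does not work with that expression. It assumes a container-managed `javax.sql.DataSource` and a constructed `customer` table with columns `id`, `name`, `email` and `city`.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.ResultSetMetaData;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.sql.DataSource;

/** Servlet-side replacement for <sql:query>: the SQL stays out of the JSP. */
public class CustomerDao {
    private final DataSource ds;   // assumption: a container-managed pool (e.g. from JNDI)

    public CustomerDao(DataSource ds) { this.ds = ds; }

    /**
     * Parameterised query: user input only ever goes through setString(),
     * never into the SQL string. Concatenating it ("... WHERE city = '" + city + "'")
     * is the injection-prone form, both here and inside a <sql:query> body,
     * where <sql:param> plays the same role as the "?" placeholder.
     * Each row becomes a Map keyed by column label, the same shape the
     * JSTL Result object exposes, so ${row.name} works unchanged in the JSP.
     */
    public List<Map<String, Object>> findByCity(String city) throws SQLException {
        String sql = "SELECT id, name, email FROM customer WHERE city = ?";
        List<Map<String, Object>> rows = new ArrayList<>();
        try (Connection c = ds.getConnection();
             PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, city);
            try (ResultSet rs = ps.executeQuery()) {
                ResultSetMetaData md = rs.getMetaData();
                int cols = md.getColumnCount();
                while (rs.next()) {
                    Map<String, Object> row = new LinkedHashMap<>();
                    for (int i = 1; i <= cols; i++) {
                        row.put(md.getColumnLabel(i), rs.getObject(i));
                    }
                    rows.add(row);
                }
            }
        }
        return rows;
    }
}
// Servlet: request.setAttribute("rows", dao.findByCity(request.getParameter("city")));
// JSP:     <c:forEach var="row" items="${rows}"><c:out value="${row.name}"/></c:forEach>
```

Some JDBC drivers return upper-case column labels, in which case the key is `row.NAME`; using `<c:out>` rather than a bare `${row.name}` in the view also keeps DB content from being rendered as unescaped HTML.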
 