
JSTL is it secure?

 
Kent de Guzman
Hi everyone! I'm new to JSTL and I find it very easy, especially when querying a database, but I'm having doubts about whether it is secure to use because I think it is exposed. Does anyone use it? Or can anyone enlighten me? Thanks.
 
E Armitage
Kent de Guzman wrote: Hi everyone! I'm new to JSTL and I find it very easy, especially when querying a database, but I'm having doubts about whether it is secure to use because I think it is exposed. Does anyone use it? Or can anyone enlighten me? Thanks.


The JSP JSTL specification says:

Many web applications need to access relational databases as the source of dynamic
data for their presentation layer. While it is generally preferred to have database
operations handled within the business logic of a web application designed with an
MVC architecture, there are situations where page authors require this capability
within their JSP pages (e.g. prototyping/testing, small scale/simple applications,
lack of developer resources).

so only use them for those tasks. Whether they are secure or not depends on how you are using them, but generally speaking JSPs are run on the server side and so no information is exposed to the client because of using them (if that is what you were asking). There are other design reasons why most people would not use them.
 
Bear Bibeault
Be aware that even the framers of the JSTL do not recommend using the SQL JSTL tags for anything other than quick prototypes. You should be doing your database access in the model, not in the view.
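
To illustrate the "depends on how you are using them" point from the replies above, here is an added example (not posted by anyone in this thread) of the JSTL SQL tags used in a prototype page, with the weak form kept in a comment beside the safer one. The `customers` table, the `name` request parameter and the JNDI name `jdbc/AppDS` are assumptions made for the example.

```jsp
<%@ taglib prefix="c"   uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib prefix="sql" uri="http://java.sun.com/jsp/jstl/sql" %>

<%-- WEAK FORM (left commented out so this page never runs it):
     1. The driver, URL, user and password sit in the JSP source, so anyone
        who can read the page file or a backup of it gets the DB login.
     2. The request parameter is spliced into the SQL text, so the shape of
        the statement depends on what the client sends.

  <sql:setDataSource var="ds" driver="com.mysql.jdbc.Driver"
      url="jdbc:mysql://localhost/shop" user="app" password="PLACEHOLDER"/>
  <sql:query var="rows" dataSource="${ds}">
    SELECT id, name FROM customers WHERE name = '${param.name}'
  </sql:query>
--%>

<%-- SAFER FORM for a prototype page:
     1. dataSource names a container-managed JNDI resource (assumed to be
        configured as jdbc/AppDS), so no credentials appear in the page.
     2. The value is bound with <sql:param> to a ? placeholder, so it is
        sent as data and never parsed as SQL. --%>
<sql:query var="rows" dataSource="jdbc/AppDS">
  SELECT id, name FROM customers WHERE name = ?
  <sql:param value="${param.name}"/>
</sql:query>

<ul>
  <c:forEach var="row" items="${rows.rows}">
    <%-- c:out escapes XML by default, so stored values are not
         rendered as markup in the response. --%>
    <li><c:out value="${row.id}"/>: <c:out value="${row.name}"/></li>
  </c:forEach>
</ul>
```

Outside of prototypes, the same parameterised query would live in a model class behind a servlet or controller, and the JSP would keep only the `<c:forEach>` rendering loop.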
 