Kent de Guzman wrote: Hi everyone! I'm new to JSTL and I find it very easy, especially when querying a database, but I'm having doubts about whether it is secure to use because I think it is exposed. Does anyone use it? Or can anyone enlighten me? Thanks.
The JSP JSTL specification says
Many web applications need to access relational databases as the source of dynamic
data for their presentation layer. While it is generally preferred to have database
operations handled within the business logic of a web application designed with an
MVC architecture, there are situations where page authors require this capability
within their JSP pages (e.g. prototyping/testing, small scale/simple applications,
lack of developer resources).
so only use them for those tasks. Whether they are secure or not depends on how you are using them, but generally speaking JSPs are run on the server side, and so no information is exposed to the client because of using them (if that is what you were asking). There are other design reasons why most people would not use them.