Was going through some security sites and realized that it is possible to obtain the source of a JSP page.
It is said that in some Tomcat implementations, instead of the trailing "p" in .jsp, if you use "%70" (the char for 'p'), the server incorrectly recognizes this as a request for a non-.jsp file and pumps out the file onto the client. I tried the above in Tomcat 3.3 on a WinMe platform and a Sun Solaris ver 5 platform, and it DIDN'T show the source code.
The above is described at http://www.jadcentral.com/newscentral/feature.jsp?feature_ID=23
What I was worried about is that I had passwords to the MySQL database in the .jsp file(s) itself. After reading this security issue, I have since removed it from the file(s).
Are there any other ways by which one may view the source of a .jsp file?
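
One way to check whether requests of the kind described in the post have reached a server, as an added example that is not part of the original message: a Python scan of access-log lines that flags any request whose file extension only becomes .jsp after percent-decoding. It generalizes the "%70" case to an encoded dot and to double encoding; the log lines, the log format (Common Log Format) and all function names are assumptions made for this illustration.

```python
import re
from urllib.parse import unquote

# Extensions that must be executed by the container, never served as text.
SCRIPT_EXTS = {".jsp"}

# Request and status fields of a Common Log Format line (assumed format).
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def decode_fully(path, max_rounds=3):
    """Percent-decode repeatedly so double encoding (%2570) is also resolved."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def extension(path):
    """Lower-cased extension of the last path segment, or '' if none."""
    name = path.rsplit("/", 1)[-1]
    dot = name.rfind(".")
    return name[dot:].lower() if dot != -1 else ""

def is_encoded_script_request(target):
    """True when the extension is a script type only after decoding."""
    raw_path = target.split("?", 1)[0]          # ignore the query string
    raw_ext = extension(raw_path)
    decoded_ext = extension(decode_fully(raw_path))
    return decoded_ext in SCRIPT_EXTS and raw_ext != decoded_ext

def scan_log(lines):
    """Return (target, status) for every flagged request, in log order."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and is_encoded_script_request(m.group("target")):
            hits.append((m.group("target"), int(m.group("status"))))
    return hits

# Constructed sample log lines (documentation addresses, invented paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2002:10:00:00 +0000] "GET /app/login.jsp HTTP/1.0" 200 512',
    '192.0.2.11 - - [01/Jan/2002:10:00:05 +0000] "GET /app/login.js%70 HTTP/1.0" 200 2048',
    '192.0.2.11 - - [01/Jan/2002:10:00:09 +0000] "GET /app/login%2Ejsp?x=1 HTTP/1.0" 404 0',
    '192.0.2.12 - - [01/Jan/2002:10:00:12 +0000] "GET /my%20docs/help.jsp HTTP/1.0" 200 900',
    '192.0.2.13 - - [01/Jan/2002:10:00:20 +0000] "GET /app/login.js%2570 HTTP/1.0" 200 2048',
]

if __name__ == "__main__":
    for target, status in scan_log(SAMPLE_LOG):
        print(status, target)
```

A flagged request that returned status 200 with a response size close to the size of the .jsp file on disk is the case worth following up, since it suggests the file was served as static content.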