Meaningless Drivel is fun!*
The moose likes JSP and the fly likes JSTL setDataSource syntax secure or not? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » JSP
Bookmark "JSTL setDataSource syntax secure or not?" Watch "JSTL setDataSource syntax secure or not?" New topic
Author

JSTL setDataSource syntax secure or not?

Anand Gajjar
Ranch Hand

Joined: Feb 20, 2011
Posts: 31

sometimes we write whole data source syntax in JSP page using JSTL with username and password. so is it secure or not?
for example:
<sql:setDataSource var="dataSource" driver="org.postgresql.Driver" url="jdbc:postgresql://localhost:5433/postgres" user="username" password="password" />

or how to reduce this type of secure syntax at jsp page?

do or die..!!!
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60785
    
  65

The JSP stays on the server and is never visible on the client -- so that's not an issue. However, anyone that has permission to view the files on the server can see this information. But it's no less secure in a JAP than in any other file.

P.S. Using the JSTL SQL tags in anything but "toy" code is not recommended.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Stefan Evans
Bartender

Joined: Jul 06, 2005
Posts: 1016
If you are going to use the JSTL SQL tags, I would recommend setting up a JNDI DataSource on your server, and referencing that from the sql tag instead of coding the connection details onto every jsp page.

Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60785
    
  65

Indeed.

I usually use Hibernate in my data layer (about as far removed from the UI as it could possibly be), but if you are going to roll your own JDBC, get it out of the JSP pages and use a datasource as Stefan recommended.
Anand Gajjar
Ranch Hand

Joined: Feb 20, 2011
Posts: 31

ok. sir....i will try to do this.....thanks....
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
 
subject: JSTL setDataSource syntax secure or not?
 
Similar Threads
difficulty in login in one attempt
Password Encryption
authentication problem
Reading password information from a text file.
Open a JSP page without doing hardcoded the credential in hyperlink.