File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes JSP and the fly likes JSTL setDataSource syntax secure or not? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of EJB 3 in Action this week in the EJB and other Java EE Technologies forum!
JavaRanch » Java Forums » Java » JSP
Bookmark "JSTL setDataSource syntax secure or not?" Watch "JSTL setDataSource syntax secure or not?" New topic
Author

JSTL setDataSource syntax secure or not?

Anand Gajjar
Ranch Hand

Joined: Feb 20, 2011
Posts: 31

sometimes we write whole data source syntax in JSP page using JSTL with username and password. so is it secure or not?
for example:
<sql:setDataSource var="dataSource" driver="org.postgresql.Driver" url="jdbc:postgresql://localhost:5433/postgres" user="username" password="password" />

or how to reduce this type of secure syntax at jsp page?

do or die..!!!
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60041
    
  65

The JSP stays on the server and is never visible on the client -- so that's not an issue. However, anyone that has permission to view the files on the server can see this information. But it's no less secure in a JAP than in any other file.

P.S. Using the JSTL SQL tags in anything but "toy" code is not recommended.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Stefan Evans
Bartender

Joined: Jul 06, 2005
Posts: 1016
If you are going to use the JSTL SQL tags, I would recommend setting up a JNDI DataSource on your server, and referencing that from the sql tag instead of coding the connection details onto every jsp page.

Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60041
    
  65

Indeed.

I usually use Hibernate in my data layer (about as far removed from the UI as it could possibly be), but if you are going to roll your own JDBC, get it out of the JSP pages and use a datasource as Stefan recommended.
Anand Gajjar
Ranch Hand

Joined: Feb 20, 2011
Posts: 31

ok. sir....i will try to do this.....thanks....
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: JSTL setDataSource syntax secure or not?
 
Similar Threads
difficulty in login in one attempt
Password Encryption
Reading password information from a text file.
authentication problem
Open a JSP page without doing hardcoded the credential in hyperlink.