
Is JSP/EJB Code Secure?

Status
Not open for further replies.

smedvid

MIS
May 28, 1999
1,228
US
I am a newbie to Java/Web development and have a quick question regarding source code security. I hope it is not too dumb of a question.

Essentially, if I have a JSP/EJB application under BEA WebLogic, is any source code exposed or can it be reverse engineered? My understanding is that JSPs are the compiled presentation layer and EJBs are the business logic. Once a JSP is displayed, the only code available is HTML-like with perhaps some JavaScript stuff. Is this correct?

Thanks,

Steve

Steve Medvid
Atlas Commerce ("ebusiness evolved")
 
This is correct; the only hole could possibly be the web server. If you can convince the web server to give you the JSP file before it is processed, then you would have the source. EJBs are out of the question as far as source from the browser.

I haven't heard of any holes but, for instance, IIS had quite a few well-known holes for exposing ASP code. As you can tell, that is a very bad thing.



Wushutwist


Sun Certified Java 2 Programmer
 
hi

Your idea is along the right lines.
When you are talking about JSP for server-side scripting and EJB for business logic, it's totally secure, and JSP will also be executed very fast.

bye
venkat
 
I've seen instances of JSP code being revealed to the client. In all occurrences, the web server was set up to serve JSP files as plain text rather than pass them on to the compiler.
If a JSP is passed to the JSP engine, you will never see the source on the client. If anything goes wrong you will either get an error page (server generated or provided by you) or an exception stack trace, depending on the error and server configuration.

As EJBs are not available as source code to the EJB server/container, there is no risk there at all.

In both cases, there is no risk of decompilation either (as there is with applets) for the simple reason that the bytecode is never transmitted to the client.
In the case of JSP, only the result of execution is transmitted. In the case of EJB, the result of execution is transmitted, possibly together with stub classes.
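
A way to check your own server's responses for the misconfiguration described in the last reply (JSP handed out as plain text instead of being passed to the JSP engine), plus the stack-trace case it mentions. This is an added example, not part of the original thread; the function name, finding labels, paths and sample responses are constructed for illustration.

```python
import re

# Constructs that exist only in JSP source; a page that went through
# the JSP engine never contains them in its output.
MARKERS = {
    "directive": re.compile(r"<%@\s*(page|include|taglib)\b"),
    "scriptlet/expression": re.compile(r"<%[^@-].*?%>", re.DOTALL),
    "standard action": re.compile(r"<jsp:\w+"),
}
# One Java stack-trace frame, e.g. "at com.example.Foo.bar(Foo.java:42)".
STACK_FRAME = re.compile(r"^\s*at\s+[\w.$]+\([\w$]+\.java:\d+\)", re.MULTILINE)


def audit_response(path, content_type, body):
    """Return a list of findings for one HTTP response from your own server."""
    findings = [f"jsp-source:{name}" for name, rx in MARKERS.items()
                if rx.search(body)]
    # A .jsp URL answered as text/plain means the file was served, not executed.
    if path.lower().endswith(".jsp") and content_type.lower().startswith("text/plain"):
        findings.append("jsp-served-as-text/plain")
    if STACK_FRAME.search(body):
        findings.append("stack-trace")
    return findings


# Constructed sample responses (not captured from any real server).
RAW_JSP = (
    '<%@ page import="java.sql.*" %>\n'
    "<html><body>\n"
    '<% String user = request.getParameter("u"); %>\n'
    "Hello <%= user %>\n"
    "</body></html>\n"
)
STACK = (
    "java.lang.NullPointerException\n"
    "\tat com.example.shop.CartBean.total(CartBean.java:42)\n"
    "\tat jsp_servlet.__cart._jspService(__cart.java:87)\n"
)
RENDERED = "<html><body>Hello alice</body></html>"

if __name__ == "__main__":
    for ctype, body in [("text/plain", RAW_JSP), ("text/html", STACK),
                        ("text/html; charset=UTF-8", RENDERED)]:
        print(ctype, "->", audit_response("/cart.jsp", ctype, body) or "ok")
```

Feed it the path, `Content-Type` header and body of responses fetched from each JSP URL you deploy; any `jsp-source` finding means the file reached the client unprocessed.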
 