JSP, security and MySQL [message #77447]
Sat, 26 February 2005 15:05
Eclipse User
Originally posted by: nospam.noemail.com
Hi,
I've created a simple JSP test which connects to MySQL DB v4.1.10.
From a security perspective, I would like to not allow users of this page to
see:
- the connection string to the DB (with username, password, DB name, ...)
- the SQL statement
- the connection to and disconnection from the DB.
For all 3 of these things, I was thinking of using some servlets, so that
nobody can know what they are doing and how they work.
If I don't use servlets, I'm forced to use stored procedures for point
2... but for the rest, I really don't know.
Could anyone help me by giving me some good advice or links?
Thanks a lot,
Maileen
Re: JSP, security and MySQL [message #77521 is a reply to message #77447]
Sun, 27 February 2005 02:51
Eclipse User
Originally posted by: jmordax.terra.es
Maileen wrote:
> Hi,
>
> I've created a simple JSP test which connects to MySQL DB v4.1.10.
> From a security perspective, I would like to not allow users of this page to
> see:
> - the connection string to the DB (with username, password, DB name, ...)
> - the SQL statement
> - the connection to and disconnection from the DB.
>
> For all 3 of these things, I was thinking of using some servlets, so that
> nobody can know what they are doing and how they work.
>
> If I don't use servlets, I'm forced to use stored procedures for point
> 2... but for the rest, I really don't know.
>
> Could anyone help me by giving me some good advice or links?
> Thanks a lot,
>
> Maileen
Hummm.... I think this is more a J2EE question than a WTP one.
Your JSP page will be executed on the server side, and all the Java code will
be executed and disappear from the code when it is returned to the
browser. I mean, your users will call the execution of the JSP file on
the server side, the JSP will connect to the DB, execute an SQL statement, and
return the results of the queries in HTML, but the connectivity code,
SQL statement, etc. will not be present in the resulting HTML code.
Try a simple example to double-check what I am referring to.
Hope this helps,
Chemi.
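
The behaviour described in the reply above, as an added example that is not part of the original thread: a JSP whose scriptlet and JSP comments stay on the server, while only the text written to the response reaches the browser. The JNDI name `jdbc/TestDB`, the table `users`, its columns `name` and `active`, and the helper `esc` are assumptions made for this example.

```jsp
<%-- Added example. Assumed names: JNDI resource jdbc/TestDB, table users(name, active). --%>
<%@ page contentType="text/html; charset=UTF-8"
         import="java.sql.*, javax.naming.InitialContext, javax.sql.DataSource" %>
<%!
    // Hypothetical helper for this example: minimal HTML escaping for text nodes.
    static String esc(String s) {
        if (s == null) return "";
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }
%>
<%-- JSP comments like this one are dropped at translation time and never sent. --%>
<!-- HTML comments like this one ARE sent to the browser: keep SQL and credentials out of them. -->
<html>
<body>
<h1>Users</h1>
<ul>
<%
    // Scriptlet code runs on the server; only what is written to "out" is returned.
    // The JDBC URL, username and password live in the container's configuration
    // (assumed here to be a JNDI DataSource), so they are not in this file at all.
    try {
        DataSource ds = (DataSource) new InitialContext().lookup("java:comp/env/jdbc/TestDB");
        try (Connection con = ds.getConnection();
             PreparedStatement ps = con.prepareStatement(
                     "SELECT name FROM users WHERE active = ?")) {
            ps.setInt(1, 1);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    // Escape stored data before it becomes part of the HTML.
                    out.println("<li>" + esc(rs.getString("name")) + "</li>");
                }
            }
        }
    } catch (Exception e) {
        // SQLException messages often contain the statement text or schema names.
        // Log the detail on the server and send only a generic message to the user.
        application.log("User list query failed", e);
        out.println("<li>The list is temporarily unavailable.</li>");
    }
%>
</ul>
</body>
</html>
```

Viewing the page source in the browser shows the heading, the list items and the HTML comment, but not the scriptlet, the SQL text or the JSP comments.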