struts-user mailing list archives

From John Raley <jo...@moonlight.com>
Subject Re: Why should you call JSP pages directly?
Date Thu, 01 Mar 2001 17:56:17 GMT
So how does one protect JSPs from direct invocation?  Is there a
server-independent way?  (I'm using Tomcat, so that would also be good to
know.)

Maya Muchnik wrote:

> Hello, Jens again,
> I totally agree with you, but to make it work somebody (a designer) must
> "protect" the jsp files. Several people told me how to do this. About logic
> JSPs, again it is the designer's question. Of course, it is better to have JSP
> only for view. Sometimes it is difficult, and requires everything to be
> redesigned.
> Maya
>
> Jens Rehpöhler wrote:
>
> > Hallo Maya,
> >
> > Maya Muchnik wrote:
> >
> > > Hi, Jens,
> > > When I asked a question about calling jsp directly, I was concerned
> > > that a user can see a directory or see a link (as I do) and call this
> > > jsp directly from a browser query / input line. The user likes to
> > > experiment.
> > > That is all. He does not know what a view jsp or logic jsp is.
> >
> > That is the point: a user should never have the possibility to come in
> > contact with a JSP. And a JSP should never contain any business logic.
> >
> > Jens

