security for jsp's
Posted on 2004-04-23
I just started learning JSP. I am writing a simple JSP which has a form and asks the user for a username and password, the username and password are pre-defined in a hashmap. I was wondering, are people able to download the JSP file on my server and see the whole source code of it? If they are how can i prevent people from downloading a JSP file off my server and not allowing them to look at the code.
I have noticed that when you run a JSP page through a browser (e.g. IE) and click on view - source it shows just the HTML markup rather than the Java. This is great. But are people able to download the JSP file and view its full source (including the java scriptlets, directives and expressions)?