As each JSP page is responsible for handling all of its processing, it's possible that any actions that require a user to be logged in or that access password-protected resources such as databases, could end up exposing sensitive information by embedding it in the page. It's therefore important to make sure that any such logic is encapsulated into JavaBean components or custom actions to prevent this possible security hole.
No comments:
Post a Comment