Dear all
I found that you can not see the HTML page source code of JSP forum.When you click "view source code", it will open a empty txt file, or for some site there are no any response. Because there are some SQL statements in my HTML page, I hope to shield HTML page source code, Hope to do it?
Thanks
Luke
Hi
I tried to view this forum source (with brousers view source) and succseded. Really, there is some blank lines in the begining, but...
In fact I dont know a way for you to protect your content if it is in the client's browser. Anyway, there is view source or smth like that (you could send pre-rendered images anyway :-). By the way, using enough frames may confuse (frame source or page source) me enough.
But you could be sure that your scriplets, expressions and other server-side scriptings will be invisible to the common user. The good news is that that scripting area is the normal place to write your SQLs. More: a jsp page is just a servlet on the server. So security issues are equivalent.
You can hide your source using JavaScript, but if you do I could switch of javascript on my browser and still see the source just as easily.
Simple solution: don't include sql in an html page. There is no reason to and I cannot imagine why anyone would want to do it. If it was necessary there would be an easy way to hide your source.
You can obfuscate it somewhat, but security solely through obscurity is bad security ( http://securityportal.com/beale/beale20010720.html ) so it is easier to separate your page logic further.
The above comment I assume refers to <% jsp tags %> rather than HTML. Obviously statements in jsp sections are parsed by the jsp processor, unless you have out.printed them.
