How to reveal JSP source code

I was just wondering if the source code of a JSP page can be viewed any way?
The JSP gets translated to a servlet, which pretty much generates HTML and only that is visible to the client browser but is there a way around it?
E.g. would be secure/suicidal to include usernames and passwords to the JSP source code?
I would greatly appreciate any feedback.

The HTML delivered will contain only the output from JSP execution -- you're safe there.
Every JSP when it is compiled produces a .java file that contains that actual servlet code. There is a risk of a user finding that and downloading it. To avoid this, you want to do one or more of the following:
1. Turn off the server's retaining of this .java file (it's basically a debugging tool).
2. Ensure that the .java files are created in a directory that is not accessible via the browser (i.e. outside of docroot).
3. Apply file system permissions to the directory the files are created in such that they cannot be accessed from the web.
#1 and #2 should be pretty easily configurable in your application server's settings. #3 is trickier, as you have to set the permissions such that the server can access them, but a web user can't.

Similar Messages

  • How to protect JSP source code on the Server Side ?

    I am new on JSP. I Already know about various Web and Desktop technologies but is the first time on JSP. I know ASP for example.
    Well, about .NET platform, it protects my source code on the server, the source code is compiled and on the server, only the compiled file are installed, my source code stay with me...
    About JSP, how it works about ? Is possible to hide my source code too ? What the technique to hide the codes ? I need to prevent access to my source codes...
    Roberto

    roberto.novakosky wrote:
    About .exe files, do you know if a java class is more easy or dificult to do reverse engineering ?Depends on who your enemy is. If it's for example a hacker with a lot of C knowledge but zero of Java knowledge, reverse engineering .exe would be easier than .class. If one was interested, one would always take time to learn how to decompile the one or other. Making files secure is a waste of time. It's always "hackable".
    If there was a proof of concept, no one major software vendor would have had so much problems with piracy and cracks/keygens. Think about it once again. It's simply impossible. Just have a clear EULA and actually make work of it whenever you discovers if someone breaks your EULA.
    I was thinking about, the .JSP can be converted to servlet .java, and converted to .class, this way hide the source code.Once again, one could still decompile it (or reverse engineer, so you call).

  • How to get the source code of  "com.sap.caf.eu.gp.example.tiimeoff.wd.creat

    Hi Frendz..
    I want to know how we can build a callable obj which have a two buttons those r Accept n Reject accordiing to the actions on these buttons flow should forward to next screen(approver ) r sent back to the sender(screen with reject).
    I gone thru the Leave process(Time-Off process) which is very suitable for my requirment but in this app there r using predefined CO(com.sap.caf.eu.gp.example.tiimeoff.wd.create).How we see the source code of this predefined CO.
    Thanks in Advance
    Regards
    Rajesh

    Hi,
    check [this|Re: Source of Time-off Request Project].
    Regards,
    Naga

  • How to find the source code of com.sap.caf.eu.gp.example.tiimeoff.wd.create

    Hi Frendz..
    I want to know how we can build a callable obj which have a two buttons those  r Accept n Reject accordiing to the actions on these buttons flow should forward to next screen(approver ) r sent back to the sender(screen with reject).
    I gone thru the Leave process(Time-Off process) which is very suitable for my requirment but in this app there r using predefined CO(com.sap.caf.eu.gp.example.tiimeoff.wd.create).How we see the source code of this predefined CO.
    Thanks in Advance
    Regards
    Rajesh

    not answered

  • How to locate the source code which populate the SO number?

    Hi,
    For example:
    In T-code: VA01
    Put your cusor on the screen field : Standard Order
    Then press F1, get the technical info of this field as below shows:
    Screen field     VBAK-VBELN
    Program name     SAPMV45A
    Screen no.       4001
    So my question is, how to locate the source code which exactly to populate the SO number into VBAK-VBELN by the system automaticallly.
    As assumed that the system is generate this kind of SO autuomatically, and its number range is defined in SPRO.
    I just want to find out the coding part which gengerate the SO number.
    Want to see the source code of that...
    How to find it???
    Thanks.

    Hi Deepak,
    Thanks for the info..
    But i think i am also know that.
    Questions is dont know how to find the KEY statements that exactlly to generate the number...
    Anyway, 2 points to you.

  • How to view the source code for Native Method

    hi
    i am using some native methods in to my code ;
    can anybody tell me how to view the source code for the same ;
    nik

    Buy/acquire a C/C++/assembly code disassembler and run the shared library through it.

  • How to read the source code

    Hi,
    I want to know how to read the source code of web dynpro java from the source folder i.e. without loading the project in NWDS. Please answer me as soon as possible.
    Thanks & Regards,
    Aniruddha

    Hi,
    If you are using DC's then you can find the .Java files in the path
    <project Name>\_comp\gen_wdp\packages\<Pacjage>\<ComponentName>\..
    In the above path you can find the Java files of the controllers.
    Thanks,
    Raju Bonagiri

  • How to get the source code of Java Concurrent Program?

    Hi,
    How to get the source code of Java Concurrent Program?
    Example
    Programe Name:Format Payment Instructions
    Executable:Format Payment Instructions
    Execution File Name:FDExtractAndFormatting
    Execution File Path:oracle.apps.iby.scheduler
    Thanks in advance,
    Senthil

    Go on Unix box at $JAVA_TOP/oracle/apps/iby/scheduler
    You will get class file FDExtractAndFormatting.
    Decompile it to get source code.
    Thanks, Avaneesh

  • How to get the source code of a PRT application in the portal

    Hi!
    Does anybody know how to get the source code of a PRT application in the portal?
    Thanks in advance,
    Celso

    Celso,
    If its Java-based code have a look at the properties of an iView that belongs to the application in question and copy the value of the Code Link parameter e.g. 'com.sap.pct.hcm.rc_vacancyrequestov.default'.
    Search the Portal installation directory under /j233/cluster/server/ for a .par.bak file of the same name, removing .default from the codelink parameter
    e.g. com.sap.pct.hcm.rc_vacancyrequestov.par.bak
    Copt this locally and import into Netweaver Developer Studio. You will have to decompilte the class files with a decompiler such as DJ Decompiler or Cavaj (search with Google).
    Cheers,
    Steve

  • How to get the source code of an HTML page in Text file Through J2EE

    How to get the source code of an HTML page in Text file Through J2EE?

    Huh? If you want something like your browser's "view source" command, simply use a URLConnection and read in the data from the URL in question. If the HTML page is instead locally on your machine, use a FileInputStream. There's no magic invovled either way.
    - Saish

  • How to get the source code of an HTML page in Text file Through java?

    How to get the source code of an HTML page in Text file Through java?
    I am coding an application.one module of that application is given below:
    The first part of the application is to connect our application to the existing HTML form.
    This module would make a connection with the HTML page. The HTML page contains the coding for the Form with various elements. The form may be a simple form with one or two fields or a complex one like the form for registering for a new Bank Account or new email account.
    The module will first connect through the HTML page and will fetch the HTML code into a Text File so that the code can be further processed.
    Could any body provide coding hint for that

    You're welcome. How about awarding them duke stars?
    edit: cheers!

  • Where to  find the pcui_gp  components ,How to get the source code of those

    Hi All,
    Can anybody tell the exact location wher the pcui_gp components will be stored if they are  not appearing.
    And another question is how to get the source code of the pcui_gp for customization.
    anybody working on these compoents please help me.
    answers will be rewarded.
    thanks and regards,
    anand

    Hi Arun,
    I am unable to see the pcui_gp components in the DTR ,I require this in order to get the source code of one of its component.
    Can you please tell me the step by step procedure getting those pcui_gp components from J2ee engine to the  dtr or  NWDI.
    If there are any documents on pcui_gp components exclusively please do forward to my mail id [email protected]
    Thansk and Regards,
    Anand.

  • How to protect java source code?

    Hi everybody
    I love Java but I think that people can decompile my class file to take my source code!Like this program
    http://kpdus.tripod.com/jad.html
    How to protect our source code?Even you use Jar files, they can unzip them and decompile!
    Thanks in advance!

    Use Java Obfuscator. Try one of these
    http://preemptive.com/products/dasho/index.html
    http://www.zelix.com/klassmaster/obfuscator.html
    http://java-source.net/open-source/obfuscators

  • How to convert the source code in JSP,HTML&BEANS into executable files?

    Sir,
    We are developing one s/w product in JSP,HTML&BEANS.Now we are in the implementation phase.During the time of Installation,without copying our source code in the customer's site I want to copy the executable files of the entire source codes? Is it possible in JSP,HTML&BEANS?

    In theory you can do it even with JSP but the you will be unable to run it on the standard JSP engine. :-)
    From other hand, all critical logic should be in the Java Beans or at least in custom tags but not in the JSP code. Then you can protect that code and leave JSP open because there is nothing to steal or break.

  • How to get the source code in PAR file

    Hi All,
    I used the PAR migration tool to migrate from PAR to EAR file. When I imported the EAR into NWDS 7.3, I was just able to see the structure and jsp files and could not find the java source code files. I would requires the java source code to make modifications so that deprecated APIs can be replaced and to also make the code compatible with JDK 1.6.
    I think the original 7.0 PAR file itself does not contain the source code. I decided to use the "Include source code" option when exporting the 7.0 PAR.
    I have the portal application DC project in my NWDS 7.0. However, when I try to export the PAR file using Export --> PAR File -- > Next... I am unable to select any project from the list. The list appears blank with disabled Next & Finish buttons.
    I also noticed that in the portal DC application structure, there is a .sda file under /gen/default/deploy. Also there is no PAR folder under /gen/default/public.
    How do I include the source in the PAR file so that I can edit the same after migrating to EAR format ?
    Regards,
    Melwyn

    DC and PAR/EAR stuff are different formats, SC/DC is an archive type used by NWDI, if I got it right.
    How do I go about generating the PAR file (with source) ?
    In fact through including the seources while creating the PAR/EAR in NWDS, but: no need to do that, you can also depack SDA (rename it to zip). If you wanna just see the Java sources you will find them there, otherwise decompile as Vijay already sad.
    cheers

Maybe you are looking for

  • A mouse for my macbook

    I'm looking to buy a mouse for my new macbook and am looking for sugestions. I don't want to break the bank but I'd also like something that is white/light in colour to match the computer. I've read some reviews about the mighty mouse that didn't spe

  • [Selection-screen] Begin of line, Icons, Layout, ...

    Hi, Is WDA lacking some those very familiar features we have in ABAP Selection-screen? (WDR_TEST_SELECT_OPTIONS application certainly does not show the full scope, is it?) Is there a replacement for BEGIN OF LINE in WDA selection-screen? What about a

  • Netweaver error - 400 Bad Request - problem

    Hello, I wrote a Business Intelligence Apllication with Excelsius and Netweaver. The Excelsius sheets display and collect data and send them per XML to Netweaver servlets . The Problem ist 4 of the 6 identical servlet work perfect, but at 2 Netweaver

  • Quick way to create Lower thirds from Spreadsheet

    Maybe everyone knows this already since it came out when I was away from the forums, but I searched the Premiere Pro forums for the word "spreadsheet" and got no related results, so here goes.... There is a way to type all of your information for low

  • Need help when swapping rooms in my point and click game

    Ok i am making my first point and click game in flash to familiarize myself with some of the basics. I have set up a room with a 2 walls(rooms) at the moment, and on the first frame there are 4 screws that when clicked play a small animation and are