Prentice Hall and Sun Microsystems. Personal use only; do not redistribute.


8


Chapter 1 Overview of Servlets and JavaServer Pages


Powerful


Servlets support several capabilities that are difficult or impossible to accom 


plish with regular CGI. Servlets can talk directly to the Web server, whereas


regular CGI programs cannot, at least not without using a server specific


API. Communicating with the Web server makes it easier to translate relative


URLs into concrete path names, for instance. Multiple servlets can also share


data, making it easy to implement database connection pooling and similar


resource sharing optimizations. Servlets can also maintain information from


request to request, simplifying techniques like session tracking and caching


of previous computations. 


Portable


Servlets are written in the Java programming language and follow a standard


API. Consequently, servlets written for, say, I Planet Enterprise Server can


run virtually unchanged on Apache, Microsoft Internet Information Server


(IIS), IBM WebSphere, or StarNine WebStar. For example, virtually all of


the servlets and JSP pages in this book were executed on Sun's Java Web


Server, Apache Tomcat and Sun's JavaServer Web Development Kit


(JSWDK) with no changes whatsoever in the code. Many were tested on


BEA WebLogic and IBM WebSphere as well. In fact, servlets are supported


directly or by a plug in on virtually every major Web server. They are now


part of the Java 2 Platform, Enterprise Edition (J2EE; see


http://java.sun.com/j2ee/


), so industry support for servlets is becoming


even more pervasive.


Secure


One of the main sources of vulnerabilities in traditional CGI programs


stems from the fact that they are often executed by general purpose operat 


ing system shells. So the CGI programmer has to be very careful to filter


out characters such as backquotes and semicolons that are treated specially


by the shell. This is harder than one might think, and weaknesses stemming


from this problem are constantly being uncovered in widely used CGI


libraries. A second source of problems is the fact that some CGI programs


are processed by languages that do not automatically check array or string


bounds. For example, in C and C++ it is perfectly legal to allocate a


Second edition of this book: www.coreservlets.com; Sequel: www.moreservlets.com.


Servlet and JSP training courses by book's author: courses.coreservlets.com.








footer






  


 


 


        

 


 

  

    

      
      
 Home 
      | About Us | Network 
      | Services | Support 
      | FAQ | Control Panel 
      | Order Online |
      Sitemap | Contact

      

      jsp web hosting

      
 

    

  

  




Our partners: 
PHP: Hypertext Preprocessor Best Web Hosting
Java Web Hosting
Jsp Web Hosting
Cheapest Web Hosting


Visionwebhosting.net Business web hosting division of Web 
Design Plus. All rights reserved