0

Hi I'm new to dynamic web dev. I've searched this site but couldn't find anything similar.

I want to implement a password checker, for robustness and length etc. Fairly conventional. The thing is, I have 2 options: 1. embed javascript inside an HTML. 2. embed javascript inside a jsp file.

With a little preliminary research it seems that most people recommend the former, that is to go with HTML. I wanna know why? I could be completely wrong, in that case I also wanna know why?

The "how" isn't all that important, but "why".

Edit: I know this question is full of flaws (for example JSP and HTML aren't mutually exclusive) but please indulge me a little bit and tell me which scheme is more appropriate, if I want to get things done front end, in a user's browser.

Edit#2 : Sorry I did not provide any bg information: I am working on a larger project and password checker is just a part of it, the project itself is a dynamic web project relies predominantly on java, serverlet.

Improve this question
5
  • What are you checking this password for? And why are you confined to JSP for backend? Why not PHP or Python or Node or anything else? Fundamentally, you are asking whether your checking is done in the front end or the back end. The answer depends on what the purpose of your application is Commented Apr 24, 2018 at 23:43
  • Front end of course, I don't see why I should put more load on my server? Commented Apr 24, 2018 at 23:45
  • JSP is a backend language.... Commented Apr 24, 2018 at 23:46
  • Well it should be done on both sides (people can disable javascript easily, and you should never trust anything from the front end until it's bee sanitized, and verified) but the easy answer is the first option. It is far more portable, and should you decide to move away from jsp's to say php or something else, it will still work. Commented Apr 24, 2018 at 23:46
  • Personal opinion: Avoid JSPs. They are a consistent temptation to inappropriately mix operations and presentation. Using Thymeleaf (or Velocity) for whatever HTML you need on the backend is a better choice. Decide whether to write a single-page application or a traditional set of Web pages with progressive enhancement independently of the choice of templating system. Commented Apr 25, 2018 at 0:38

4 Answers 4

Reset to default
1

As you state you are new to dynamic web dev. JSP is a server side programming language Just like PHP and others. If you want to confirm password, you can use ajax to check for a match from your database and if match was found create a session and redirect your user to the logged in page. If i misunderstood your question, please try to be clear enough.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

Depends on your use-case. In some cases, just the front-end is enough. In many, I would say both is better.

By putting it in the front-end/client-side (the "HTML"), you create a more user-friendly approach, since you can rapidly and continuously evaluate the users' input and give them feedback.

If the application doesn't need to be particularly robust from a security perspective, this can be plenty.

The downside of HTML only validation of any user input is that it can easily be bypassed. As a programmer, I could figure out what its doing and easily bypass any and all client-side protects. Users can also wholesale just disable JavaScript, so if your site works without JavaScript in general, they won't get any validation. This is why "security" on the client side is never a thing. Never trust the client.

Implementing it only on the back-end/server-side ("JSP"), you can lock down the security since the end-user can't bypass any of your validation. It must match the rules you set forth.

The downside to server-side is that you must send the data to the server to be analyzed, then wait for a response. While this may be fast, its still much slower than client-side.

By doing it in both, you get the best of both worlds. You get the rapid feedback for the end-user without having to send any data to the server, and you get the full protections of making sure it is properly validated on the server-side.

The downside to this of course is you have to double-up on your code, so its more effort. That's why you want to weight the pros and cons in your particular case, as there isn't a single "best" answer.

Improve this answer

Comments

0

If the HTML is enough for you - why should you use .jsp?

You need .jsp for creating dynamic content and it's gonna be compiled as Servlet - do you actually need Servlet in this case?

Improve this answer

2 Comments

You are right! My project is a dynamic one, sorry I forgot to mention it. Now I'm left with another problem: how do I "put" an HTML page in my project in eclipse EE? Put it under "WebContent" folder? And then where shall I configure it (like modifying an XML file) to make sure it gets "pointed/registered" in the project?
@Akuzuki29087 I'd recommend you to store it under 'webapp\WEB-INF', it can be configured in web.xml file.
0

If security is not a big concern then HTML + javascript should be fine. It will be responsive amd lead to better user experience. If this is an external facing application on the web then as mentioned in some of the other answers go with Jsp approach.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.