I am facing a problem regarding the protection of JSPs and servlets. When somebody views the page source, s/he can see the signout link in the JSP page, which should not be shown. For example, when somebody views the page source, it contains a href="signout.jsp". I think this is unsafe: if somebody clicks on that signout link, the session is automatically invalidated, but that should be totally prohibited. How can I protect the JSP page so that when somebody tries to view the page source, s/he cannot see such sensitive links? Any help is appreciated.
You can’t. The link has to be in the HTML (or something else) delivered to the user’s browser, and you cannot prevent a human from getting hold of it.
The correct strategy is to implement server-side checks to stop the supposedly harmful request from being run when it shouldn’t be used. For instance, certain requests should be limited to logged in users, administrators, and so on.
But in this case, what is the harm in the user signing out if he / she wants to? If you try to prevent it, the user can just close the browser, turn off his PC and walk away.
Same answer. You can’t. The user’s browser needs to see the source in unencrypted form in order to display it. Your server’s response is delivered to a program running on the user’s machine, and you can’t stop the program from doing what the user wants. And that includes showing the user the source of the page in unencrypted form.
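
The server-side check recommended in the answer above, written as a servlet filter. This is an added example, not code from the original posts; the `javax.servlet` API, the `/login.jsp` and `/admin/` paths, and the `user` and `role` session attributes are assumptions.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.*;

// Added example: runs before every JSP/servlet, so whether a link is visible
// in the page source has no bearing on whether the request is allowed.
@WebFilter("/*")
public class AccessControlFilter implements Filter {

    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Container-decoded path, without the context path or query string.
        String path = request.getServletPath()
                + (request.getPathInfo() == null ? "" : request.getPathInfo());

        // Assumed public page; everything else needs a logged-in session.
        if (path.equals("/login.jsp")) {
            chain.doFilter(req, res);
            return;
        }

        HttpSession session = request.getSession(false); // never create one here
        Object user = (session == null) ? null : session.getAttribute("user");
        if (user == null) {
            response.sendRedirect(request.getContextPath() + "/login.jsp");
            return;
        }

        // Assumed layout: administrator-only pages live under /admin/.
        if (path.startsWith("/admin/") && !"admin".equals(session.getAttribute("role"))) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }

        chain.doFilter(req, res);
    }
}
```

With this in place, a request for `signout.jsp` or an admin page is decided by the session state on the server, regardless of what the browser was shown.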