Security comparison between JSP and ASP.Net
Is there any comparison to show why JSP/ASP.Net is better from security point of view? As I think, security开发者_如何学Python depends on the server security, and website architecture and implementation, and only a name like JSP/ASP.Net will not guarantee your website and will not make hackers to run away!!
Is there any study or article to show bugs or security issues in the framework itself?
Both are just view technologies. Both are as secure as you can program it to be. Both does not automagically take care about security risks like XSS, CSRF, SQL injections, etcetera. It's the developer who's responsible for that, regardless of the view technology in question.
MVC frameworks on the other hand (like JSF which runs on top of JSP and ASP.NET MVC which runs on top of ASP.NET), by default already prevents XSS (if you code the view the right way, i.e. display user-controlled input using a component), but you still have to take CSRF and SQL injection risks into account yourself. The former is usually to be done using either a request based token or a captcha and the latter is usually to be done by prepared statements / named queries (for which a decent ORM framework would already take the work from hands).
精彩评论