File Extension JSP
File extension JSP is used to denote files (web pages) containing executable Java code and is an acronym for Java Server Page. Also sometimes given the extension File extension JHTML or File extension JHTM, these files are human readable and can be opened and modified with any text editor or with web development software such as Dreamweaver or HomeSite. These files are parsed and executed by web server software such as Apache or Microsoft's Internet Information Server (IIS) to generate content which is then presented to the viewer via a web browser such as Internet Explorer.
Similar to File extension PHP, Perl or File extension ASP files, JSP files are only ever run on the web server and the user of the web application does not see the actual code, but only the results of the program. For example, JSP files can be used to query a database and to generate a tabular display of results to the viewer, nicely formatted with XHTML and CSS, or to generate or read an XML feed or access on-line web services in the creation of Web 2.0 ?mashup? applications.
Since the JSP files contain executable code, they should be treated with caution. As with all other server-side scripting languages, there are a number of security holes that can be created with sloppy Java programming, and also vulnerabilities in web browsers that can be exploited using server side software. Any script that reads in user input and uses it directly in a database query for example, can lead to SQL injection vulnerabilities if the input is not sanitized properly before use, allowing the user of a web application to execute arbitrary queries on the database and retrieve data they should not have access to, such as user passwords, credit card details, or whatever other information is being stored in the server's database.