Displaying user details in jsp

[dojha00]

Hey,
I m developing an web application in which there is a link like "view profile" after clicking that user will redirect to another page and that page contains user detail which is fetched from database(db2). So is anyone can help me by telling me the way how to implement it..
I have two ways to implement--
1. store the detail in a class object and save it in session
Problem:- I read many places that we should not store big objects in session.

2.I can write database connection code on jsp page and can show the detail..
Problem:- user can see the table details by editing page source code.

Is there any other way which is secure and efficient??


Sorry for asking such kind of noob question. I was not knowing that by editing page source, java codes will not be visible.
a request to admin to delete this post..

[Tolls]

If you're concerned about the amount of data loaded into the session (which is reasonable, especially if the data isn't needed throughout the site) then read the data in as they access the page.
That is, have a servlet call your data layer (a DAO) to get an object that represents the profile. Stick that in the request (addAttribute), forward to the JSP which will then display the relevant bits.

As for option (2), apart from never doing this in a JSP anyway as it's bad practice, it is not insecure at all. The code that does the database access would be Java code, which is executed on the server.

[dojha00]

If you're concerned about the amount of data loaded into the session (which is reasonable, especially if the data isn't needed throughout the site) then read the data in as they access the page.
That is, have a servlet call your data layer (a DAO) to get an object that represents the profile. Stick that in the request (addAttribute), forward to the JSP which will then display the relevant bits.

As for option (2), apart from never doing this in a JSP anyway as it's bad practice, it is not insecure at all. The code that does the database access would be Java code, which is executed on the server.

Really at some pages i used 1st method but at some places i also used second method..
but thanks for telling me the difference and passing arguments using request object...
since i m new to jsp so i m learning all these..