0

So a bit of background I have a surface level understanding about Tomcat WAR/Java files but I am helping out the programming team as I am taking over managing our Linux servers.

We are utilizing Apache Tomcat 8.5 and we currently have a WAR file that has a database login xml file. We would like to pull out the xml file into its own directory but I want to secure it down to make sure it can only be accessed from the WAR files on the server and not directly by url. (edit) XML outside of a war file not from within

I'm open to any idea and any form of implementation.

Wheels35
  • 1
  • 1
  • the fact that xml file is in the war doesn't mean that is accessible by URL... – Milan Mar 12 '19 at 00:38
  • There is still a security concern - database credentials for production should not be in the war file at all. One solution is to have it accessible to the application (war file) using environment variables, this would require code change of the application. – Milan Mar 12 '19 at 00:40
  • I agree there is a security concern. We aren't deployed yet, and still running through different usage cases. The URL statement wasnt exactly what I meant from the WAR. They want it in a subdirectory or other similar that would only be accessible from other war files – Wheels35 Mar 12 '19 at 00:45
  • There are several ways to keep and fetch resources in Tomcat. https://stackoverflow.com/questions/2161054/where-to-place-and-how-to-read-configuration-resource-files-in-servlet-based-app - some code change will be required – Milan Mar 12 '19 at 00:52
  • okay what about a different approach. What about having one war file call another with a url and securing that second war to only be accessible from the first – Wheels35 Mar 12 '19 at 01:18

0 Answers0