Is it safe to have a configuration file outside of the deployed Java war file?

In particular, is it more or less safe to have the file outside?

It is assumed that you put the configuration files in the root directory (web server), and that there are only standard restrictions on the files used (without special locking tools).

+3
2 answers

It depends on where you place your configuration files in your WAR. Put them in WEB-INF or META-INF and you will not be able to browse to them.

/app/WEB-INF/web.xml returns HTTP 404.

If there is some other exploit that would allow someone to access files on the server, I would say that it is no more secure in the WAR, in the right place, than outside the WAR file.

+5
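
As an added example (not part of the answer above or of the original page), this Python check lists configuration-like files in a WAR that sit outside WEB-INF/ and META-INF/, the locations the answer says cannot be browsed to. The function names, the suffix list and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Directories the answer names as not browsable inside a WAR.
PROTECTED_PREFIXES = ("WEB-INF/", "META-INF/")
# Assumption: file extensions that usually mark configuration files.
CONFIG_SUFFIXES = (".properties", ".xml", ".yml", ".yaml",
                   ".conf", ".cfg", ".ini", ".env")


def exposed_config_entries(war):
    """Return config-like WAR entries that sit outside WEB-INF/ and META-INF/.

    `war` is a path or a binary file object. The prefix match is exact-case
    on purpose: a folder named `web-inf` is reported rather than trusted.
    """
    findings = []
    with zipfile.ZipFile(war) as archive:
        for info in archive.infolist():
            name = info.filename.lstrip("/")
            if info.is_dir():
                continue
            if name.startswith(PROTECTED_PREFIXES):
                continue
            if name.lower().endswith(CONFIG_SUFFIXES):
                findings.append(name)
    return sorted(findings)


def build_sample_war():
    """Constructed sample archive, built in memory for the demonstration."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("index.jsp", "<html></html>")
        archive.writestr("WEB-INF/web.xml", "<web-app/>")
        archive.writestr("WEB-INF/classes/db.properties", "db.password=CHANGE_ME")
        archive.writestr("META-INF/context.xml", "<Context/>")
        archive.writestr("config/app.properties", "api.key=CHANGE_ME")
        archive.writestr("web-inf/backup.xml", "<web-app/>")
    buffer.seek(0)
    return buffer


if __name__ == "__main__":
    for entry in exposed_config_entries(build_sample_war()):
        print("outside WEB-INF/META-INF:", entry)
```

Run against a real build artifact by passing the path of the WAR file to `exposed_config_entries`; an empty list means no config-like file was found outside the two protected directories.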

, , -.

- (, tomcat Linux tomcat). , tomcat, -.

Context.xml tomcat conf , . , .

+1
