Can someone point me in the right direction here. I recently registered with a Hosting site and they are using Tomcat.
I use their Tomcat Web Application Manager to deploy the war file for my website and it puts the war file in this folder called "public_html" and then unpacks it. It then leaves the war file in that directory.
Everything is fine except for the fact that it seems that everything in that public_html directory is accessible, including my war file! Anyone that knows the name of my war file can just type in the URL and download the war file to my entire application.
How do I prevent this? Does it have anything to do with the web.xml and server.xml files in the conf directory?
Do you have access to the Tomcat Manager (which is usually found at /manager/html/list) ? It allows to deploy war files directly, without putting them in a public directory first. But hosting companies probably disable it.
Not really a solution, but the web app should run without problems if you remove the war file after a successful deployment.