This week's book giveaway is in the Agile and other Processes forum. We're giving away four copies of The Mikado Method and have Ola Ellnestam and Daniel Brolund on-line! See this thread for details.
Can someone point me in the right direction here. I recently registered with a Hosting site and they are using Tomcat.
I use their Tomcat Web Application Manager to deploy the war file for my website and it puts the war file in this folder called "public_html" and then unpacks it. It then leaves the war file in that directory.
Everything is fine except for the fact that it seems that everything in that public_html directory is accessible, including my war file! Anyone that knows the name of my war file can just type in the URL and download the war file to my entire application.
How do I prevent this? Does it have anything to do with the web.xml and server.xml files in the conf directory?
I'd say it has more to do with they way your hosting company has Apache Web Server and Tomcat configured.
By default, Tomcat unpacks the war file in a sibling directory to the actual war (example: MyApp.war and the directory MyApp would both be under tomcat/webapps).
You might also want to check and see if files under the WEB-INF directory are accessible to the web.
Your best bet would be to inform your hosting company of this and see if they're willing to work out a solution. If not, find a better one.
I'm going to move this to our Apache / Tomcat forum because this is not really a servlet issue.
Do you have access to the Tomcat Manager (which is usually found at /manager/html/list) ? It allows to deploy war files directly, without putting them in a public directory first. But hosting companies probably disable it.
Not really a solution, but the web app should run without problems if you remove the war file after a successful deployment.
Not really a solution, but the web app should run without problems if you remove the war file after a successful deployment.
Not always. In some cases (like if the app was deployed by dropping the war file in webapps) removing the war file will cause Tomcat to undeploy the app (removing the app's directory in the process.
I ended up changing the server.xml file to say that the root was webapps instead of public_html and I created a webapps folder in tomcat's directory. This fixed it. But thanks for your responses!
0
