KVK

Reputation: 1289

How to secure the war file deployed in tomcat server?

I am developing a web application and I host the application as a .war file in a Tomcat server. It was located in the webapps folder of the Tomcat server, but I need to secure my hosted file. In the webapps folder I found the .war file and the extracted folder of my application. How can I protect those files? Can anyone help me to solve this issue?

Thanks in advance

Upvotes: 1

Views: 2325

Answers (2)

Musa

Reputation: 2662

Let's say you have created a web application and this application consists of 2 instances, a Local instance and a Central instance. The Central instance is located on your own VPS (Virtual Private Server) and the Local instance on your client's server. Finally, you want to protect this local war file.

  1. I agree with "Daniel Scott" if your approach is "Securing the physical files from access to users on the server or preventing users with access from reverse engineering your WAR file". Other ways are unavoidable circumstances, like: "If you are worried about your class files being decompiled, you can use an obfuscator, as linked: http://proguard.sourceforge.net/. But most people don't worry about this. There is no guaranteed way to protect distributed programs from decompilation. You may want to consider using your own web server if you don't want to separate your project (the approach which I have marked)"

  2. The second way is to associate your separated instances with web services and, every time, send a request to the Central instance (with some credentials) for whichever business process you like, plus additional parameters for protection. First: get the IP of the client (Local instance) if the IP is static. If not, second: get the MAC address of the requesting device (sent from the Local instance: write some code to get the real MAC of the device). Finally, check these credentials in your Central instance.

  3. The third way is simply to create one instance on your server.

Additional info: http://www.avajava.com/tutorials/lessons/how-do-i-prevent-users-from-accessing-my-war-files.html

Upvotes: 0

Daniel Scott

Reputation: 7903

If your 'users' have access to your server, then there's very little you can do to protect the .war file.

If you make sure that the user who runs tomcat has read access to the webapps directory, then you could maybe remove read permissions so that other logged in users do not have read access, but you'd have to check carefully to make sure you get this right.

Why do you want to protect these files? If the users can login to the server, then I don't see much point in protecting the contents of the .war file.

Upvotes: 1
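
The permission change described in the answer above, written out as an added example that is not part of the original answer or thread. It assumes GNU `find`/`chmod` on Linux and that Tomcat reads `webapps` as the owner of the files; the function names, the `/opt/tomcat/webapps` path and the `tomcat` account name are placeholders.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed: GNU find/chmod on Linux, and
# that Tomcat reads webapps as the *owner* of the files, not via group/other.

# Entries under DIR not owned by USER. Removing the "other" bits would lock
# Tomcat out of these, so they have to be re-owned first.
not_owned_by() {        # not_owned_by DIR USER
    find "$1" ! -user "$2" -print
}

# Entries under DIR that any other local account can read, write or traverse.
exposed_to_others() {   # exposed_to_others DIR
    find "$1" ! -type l -perm /007 -print
}

# Strip all "other" permissions, but only if USER owns every entry, then
# verify the result so Tomcat can still load the application afterwards.
harden_webapps() {      # harden_webapps DIR USER
    foreign=$(not_owned_by "$1" "$2") || return 1   # e.g. unknown account
    if [ -n "$foreign" ]; then
        echo "refusing: some entries are not owned by $2" >&2
        return 1
    fi
    chmod -R o-rwx "$1" || return 1
    # Nothing left for "other", and the owner can still read every entry.
    [ -z "$(exposed_to_others "$1")" ] &&
        [ -z "$(find "$1" ! -type l ! -perm -400 -print)" ]
}

# Usage (placeholder path and account):
#   exposed_to_others /opt/tomcat/webapps     # audit first
#   harden_webapps /opt/tomcat/webapps tomcat
```

This only limits other non-root local accounts; anyone who can run as root or as the Tomcat account can still read the .war file and the extracted folder.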
