1

I am developing a web application and I host the application as a .war file in a Tomcat server. It is located in the webapps folder of the Tomcat server, but I need to secure my hosted file. In the webapps folder I found the .war file and the extracted folder of my application. How can I protect those files? Can anyone help me solve this issue?

Thanks in advance

KVK
  • Securing the physical files from access to users on the server or preventing users with access from reverse engineering your WAR file? – Michael Sep 03 '14 at 10:34
  • @Mikaveli can you tell me in detail how I can achieve this? – KVK Sep 03 '14 at 11:02
  • I'm still not clear on your specific problem / what the question relates to. Can you provide more detail? – Michael Sep 03 '14 at 11:07
  • @Mikaveli I have deployed my .war file in Tomcat on the user's system and I need to protect my .war file from the user extracting it from the webapps folder in the Tomcat server – KVK Sep 03 '14 at 11:18

2 Answers

1

If your 'users' have access to your server, then there's very little you can do to protect the .war file.

If you make sure that the user who runs tomcat has read access to the webapps directory, then you could maybe remove read permissions so that other logged in users do not have read access, but you'd have to check carefully to make sure you get this right.

Why do you want to protect these files? If the users can login to the server, then I don't see much point in protecting the contents of the .war file.

Daniel Scott
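The permission check described in the answer above, as an added example that is not part of the original post: it lists what users other than the owner can reach under the webapps tree, removes that access, and confirms the owner can still read everything. It assumes Tomcat runs as a dedicated account that owns the tree; the path argument is a placeholder, and group permissions are left untouched.

```shell
#!/bin/sh
# Added example, not from the original answer.
# Assumption: Tomcat runs as a dedicated account that owns the webapps tree.

# List entries under $1 that "other" users can read, write or traverse.
list_other_access() {
    find "$1" \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# List entries the owner (the Tomcat account) could no longer use:
# files without owner read, directories without owner read+execute.
list_owner_blocked() {
    find "$1" \( \( -type f ! -perm -400 \) -o \( -type d ! -perm -500 \) \) -print
}

# Remove all "other" permissions, then verify both conditions.
# Returns 0 only if nothing is exposed and the owner can still read everything.
harden_webapps() {
    chmod -R o-rwx "$1" || return 1
    [ -z "$(list_other_access "$1")" ] || return 1
    [ -z "$(list_owner_blocked "$1")" ] || return 1
}

# Usage: sh harden.sh /path/to/tomcat/webapps   (path is a placeholder)
if [ -n "${1:-}" ]; then
    echo "Exposed to other users before hardening:"
    list_other_access "$1"
    harden_webapps "$1" && echo "OK: no access for other users under $1"
fi
```

Re-run the audit after each deployment, since newly unpacked files get their permissions from the umask of the Tomcat process.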
0

Let's say you have created a web application and this application consists of 2 instances: a Local instance and a Central instance. The Central instance is located on your own VPS (Virtual Private Server) and the Local instance on your client's server. Finally, you want to protect this local war file.

  1. I agree with "Daniel Scott" if your approach is "Securing the physical files from access to users on the server or preventing users with access from reverse engineering your WAR file". Other ways are unavoidable circumstances like: "If you are worried about your class files being decompiled, you can use an obfuscator, as linked: http://proguard.sourceforge.net/ . But most people don't worry about this. There is no guaranteed way to protect distributed programs from decompilation. You may want to consider using your own web server if you don't want to separate your project (that approach which I have marked)"

  2. The second way is to associate your separated instances through web services and, every time, send a request (with some credentials) to the Central instance in whichever business process you like, plus additional parameters for protection. First: get the IP of the client (Local instance) if the IP is static; if not, second: get the MAC address of the requesting device (sent from the Local instance: write some code for getting the real MAC of the device). Finally, check these credentials in your Central instance.

  3. The third way is simply to create one instance on your server.

Additional info: http://www.avajava.com/tutorials/lessons/how-do-i-prevent-users-from-accessing-my-war-files.html

Musa