Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Specifically, is it more or less secure having the file on the outside?
This is assuming you put the configuration files in the root directory (of the web server). And that there are only standard restrictions to files applied (no special lock down tools).
Depends on where you put your configuration files in your WAR. In you put it in WEB-INF or META-INF you will not be able route to those files.
/app/WEB-INF/web.xml gives a HTTP 404.
Unless there is some other exploit that would allow someone access to files on the server, I would say its no more secure in the WAR in the right place then outside the WAR file.