Hi, Tomcat forbids http access to the WEB-INF directory so nobody can receive this file from a http request. They have to have a ssh/terminal services/ftp or other direct connection to your directory. If the security to the machine is good then you files will be safe as well. regards
Bjorn > Where is the best practice for deploying your WebApp configuration > files? For example a database config file which contains production db > password. Most apps I have seen use WEB-INf/config or WEB-INF/classes - > but this is a no-no from security guys as it is under the document > root. > > Thanks > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] For > additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
