Properties file convention
I have an application where I keep sensitive information like connection strings, passwords, etc. in some properties file which is kept under the web server directory structure.
The problem with this approach is that it is not secure, in the sense that if some HTTP client knows the location of the properties file, he can access it directly by using the browser.
I would like to know from the experts out here as to what is the best practice in this regard?
I have thought about the following options:
1.) Move properties file out of web server directory structure
2.) Specify the path in some environment variable set at the OS level for the user.
For the approach that I thought of, what permissions should be given to the directory where the properties files are stored (to be accessible from Tomcat)? Could someone give me the directory structure in Unix which is most appropriate (in terms of /user?)
Secondly, is it possible to encrypt the properties file itself by using some standard encryption algorithm?
Thanks in advance.
Best Regards,
Prithvi
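
The two options proposed in the question, sketched as a loader (an added example, not part of the original post): it reads the file location from an environment variable, rejects a file that resolves to a path inside the web root, and rejects a file that group or other users can read or write. The variable name `APP_CONFIG_FILE` and the class name `ExternalConfig` are hypothetical, and a POSIX file system is assumed.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.util.EnumSet;
import java.util.Properties;
import java.util.Set;

public final class ExternalConfig {
    // Hypothetical variable name; set it in the environment of the account that runs Tomcat.
    static final String ENV_VAR = "APP_CONFIG_FILE";

    static Properties load(Path webRoot) throws IOException {
        String location = System.getenv(ENV_VAR);
        if (location == null || location.isEmpty()) {
            throw new IOException(ENV_VAR + " is not set");
        }
        // toRealPath resolves symlinks and ".." before the comparison with the web root.
        Path file = Paths.get(location).toRealPath();
        if (file.startsWith(webRoot.toRealPath())) {
            throw new IOException("config file is inside the web root: " + file);
        }
        // Refuse files that group or other can read or write (expect mode 0600 or 0400).
        Set<PosixFilePermission> tooOpen = EnumSet.of(
                PosixFilePermission.GROUP_READ, PosixFilePermission.GROUP_WRITE,
                PosixFilePermission.OTHERS_READ, PosixFilePermission.OTHERS_WRITE);
        tooOpen.retainAll(Files.getPosixFilePermissions(file));
        if (!tooOpen.isEmpty()) {
            throw new IOException("config file permissions too open: " + tooOpen);
        }
        Properties props = new Properties();
        try (InputStream in = Files.newInputStream(file)) {
            props.load(in);
        }
        return props;
    }

    public static void main(String[] args) throws IOException {
        if (args.length != 1) {
            throw new IllegalArgumentException("usage: ExternalConfig <web-root-directory>");
        }
        // Print only the number of entries, never the values, so secrets stay out of logs.
        Properties props = load(Paths.get(args[0]));
        System.out.println("loaded " + props.size() + " properties");
    }
}
```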

