virtualbox.org

I have exported an ova file to be used on multiple machines. The ova is an appliance that has Ubuntu, apache, mysql and my application is installed on var/www.
If a user gets access to the ova file and imports it using virtual box, can he by any means break-in to access my source files in var-www within the image?
I understand that after importing, only the attributes of the image can be modified, but there will be no access into the OS and application installed within the image. Pl clarify.

There is a level of security in the guest OS itself, I dont give root access to the users of the appliance when they log in to guest ubuntu itself. Want to make sure , there is no other way to hack into the source files within my app in var-www?

Simply consider the ova file like a hard drive with some stickers on it.
If you give a hard drive, and boot it, you'll get the system back, with the appropriate permissions, etc.
But nothing stops someone from not booting your OS and boot its own OS instead and directly read the content of the drive and ignoring permissions.
There is no difference between virtualbox and a real hard drive on this matter.

thank you.
However, can this avoided if I try to encrypt the harddisk image using Truecrypt?
Can you suggest other methods to secure the harddrive image?

Any way that would be acceptable using a real hard drive will be acceptable using Virtualbox.
If Truecrypt fits your requirements if this was a real hard drive, then yes.

Is there exist some tool that can encrypt virtual disk images and booting can be possible on encrypted images..?

There is no such feature included in VirtualBox, therefore as Noteirak says, any suitable 3rd party tool will do. We don't endorse any particular tool.