[nycphp-talk] Webserver file access (and version control)
csnyder
chsnyder at gmail.com
Mon Aug 20 15:45:59 EDT 2007
On 8/18/07, Cliff Hirsch <cliff at pinestream.com> wrote:
>
> Are there any issues related to having the version control hidden files and
> folders on a production site? Does the Subversion .svn folder need to be
> protected on a production site? Is the best practice to do ongoing updates
> on a production site using version control or to export specific tagged
> versions to a production site (which would remove al the version control
> specific hidden files)?
Hey, nice catch Cliff.
<DirectoryMatch "^/.*/\.svn">
Order allow,deny
Deny from all
</DirectoryMatch>
Convenience over security can come back to bite you, I guess.
To reiterate the point, if you use subversion to manage web
directories, you need to make sure that the .svn metadata will not be
served by apache.
--
Chris Snyder
http://chxo.com/
More information about the talk
mailing list