[nycphp-talk] Webserver file access (and version control)
Cliff Hirsch
cliff at pinestream.com
Mon Aug 20 15:59:59 EDT 2007
> Hey, nice catch Cliff.
>
> <DirectoryMatch "^/.*/\.svn">
> Order allow,deny
> Deny from all
> </DirectoryMatch>
>
> Convenience over security can come back to bite you, I guess.
>
> To reiterate the point, if you use subversion to manage web
> directories, you need to make sure that the .svn metadata will not be
> served by apache.
Convenience sure makes me want to use this approach. And you could even
update the production "working copy" to a specific branch or tag, not just
the main trunk. But...it's still an update and conflicts would be a bear to
deal with in a production environment. Although there shouldn't be any
conflicts if the prod. Working copy isn't touched.
More information about the talk
mailing list