Jon Simpson’s Weblog

My personal space for ideas & information.

Subversion and Webroot Security

I’ve taken up managing my deployed web applications with Subversion, similar to how I manage my WordPress installs.

However, a new issue arises. The source code to my apps is not necessarily a public domain, open source deal (like WordPress), and there is nothing to stop someone going to http://example.com/.svn/ or http://example.com/some_directory/.svn/ and poking around at the code. This problem gets even worse if the configuration is being version controlled (think database usernames/passwords).

The fix below is the aggregate of several posts on subversion-users. Add the following lines to your Apache configuration file (tested on Apache 2).

  <DirectoryMatch /\.svn(/|$)>
    Order allow,deny
    deny from all
  </DirectoryMatch>

Well recommended for anyone using svn in publicly visible directories on web servers.
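
To see what the rule has to cover on a given server, here is an added example (not from the original post) that walks a document root, lists the URL at which each `.svn` directory would be reachable, and checks its filesystem path against a deny pattern, by default the `DirectoryMatch` pattern above. The function names, the constructed sample tree, the top-level-only comparison rule and the `example.com` base URL are assumptions made for illustration.

```python
import os
import re
import tempfile

# Pattern from the <DirectoryMatch> block above. Apache matches it against
# the filesystem path of the directory being served.
SVN_DIR = re.compile(r"/\.svn(/|$)")

def audit_webroot(docroot, rule=SVN_DIR, base_url="http://example.com"):
    """Return sorted (url, covered) pairs for every .svn directory under docroot.

    covered is True when `rule` matches the directory's filesystem path,
    i.e. the deny block would apply to it.
    """
    findings = []
    for dirpath, dirnames, _files in os.walk(docroot):
        if ".svn" not in dirnames:
            continue
        fs_path = os.path.join(dirpath, ".svn").replace(os.sep, "/")
        rel = os.path.relpath(dirpath, docroot).replace(os.sep, "/")
        prefix = "" if rel == "." else rel + "/"
        findings.append((f"{base_url}/{prefix}.svn/", bool(rule.search(fs_path))))
        dirnames.remove(".svn")  # no need to descend into the metadata itself
    return sorted(findings)

def top_level_only_rule(docroot):
    """Hypothetical narrower rule that only names the .svn in the docroot itself."""
    root = re.escape(docroot.replace(os.sep, "/").rstrip("/"))
    return re.compile("^" + root + r"/\.svn(/|$)")

def build_sample_tree(root):
    """Constructed sample layout: a working copy with one nested directory."""
    for d in (".svn", "some_directory/.svn", "some_directory/.svnbackup", "images"):
        os.makedirs(os.path.join(root, *d.split("/")))
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for label, rule in (("page rule", SVN_DIR),
                            ("top-level only", top_level_only_rule(tmp))):
            for url, covered in audit_webroot(tmp, rule):
                print(f"{label:15} {'denied ' if covered else 'EXPOSED'} {url}")
```

Run against a real document root, any line reported as `EXPOSED` is a working-copy directory the deny rule in use would not reach.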
