I have a website that is under version control. To make it easy to deploy it to the server, I am thinking about cloning the repo to the server and, whenever I want to update the pages, just pull changes from the server. From a security point of view, is this a bad idea to leave the .git folder lying around on the web server?
You can place arbitrary files in `.git`, such as a `.htaccess` file which would prevent any access through the web server.

If you want an extra security layer (in case you forget to put the `.htaccess` there while recloning the repository for example), you can have your web server refuse to serve any URL with `.git/` in it by using `mod_rewrite` (provided you use Apache, other web servers will use other mechanisms).
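
The two layers described in the answer above, written out as an added example that is not part of the original answer. It assumes Apache 2.4 with `mod_rewrite` loaded and, for the first layer, an `AllowOverride` setting that lets `.htaccess` files carry `Require`; the regular expression is one possible pattern, not one given on the page.

```apache
# --- Layer 1: contents of <document root>/.git/.htaccess ---
# Apache 2.4 syntax (mod_authz_core). Only honoured when the server
# configuration allows it for this directory (AllowOverride AuthConfig
# or All). This file disappears if the repository is re-cloned, which
# is why the second layer exists.
Require all denied

# --- Layer 2: virtual host (or main server) configuration ---
# Lives outside the repository, so it survives a re-clone.
# Deliberately not wrapped in <IfModule>: if mod_rewrite is missing,
# Apache refuses to start instead of silently serving .git again.
RewriteEngine On
# Answer 403 Forbidden for any request path that has ".git" as a path
# segment, e.g. /.git/HEAD or /sub/.git/config. Files such as
# /.gitignore do not match this pattern.
RewriteRule "(^|/)\.git(/|$)" - [F]
```

After reloading Apache, a request for `/.git/HEAD` on the site should come back as 403 rather than the file's contents.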