Hi Terj, That's not a problem for ruby apps, because the convention is to set the DocumentRoot to a subdirectory within the project. For example, I deploy rails apps to their own user account, at ~/current. That's a git repo, so there's a ~/current/.git directory. But then, the DocumentRoot is ~/current/public, so nothing outside that directory is accessible to http clients.
Capistrano does something similar, where ~/current is a symlink to ~/releases/<timestamp>, so the contents of the directory are the same. It all depends on how you structure your app. I have no idea about PHP apps, I've never written any PHP, but that's how we do it in the rails world. :) —ben_h On Wed, Jan 20, 2010 at 4:47 PM, Terj <[email protected]> wrote: > Hello, > > I have a quick question regarding deployment with Capistrano. We have > a PHP app here which I have capified and deployed from github. I > notice that it is placing the .git folders in my www folder as well > when it is checking out the code from the github repository. Are there > any security risks around having my .git folder in my web accessible > folders? I remember this being an issue that someone faced a while > back where someone got access to their source code by accessing > their .svn files which were in their web root. > > Any help and guidance would be much appreciated. > > Cheers, > TJ > > -- > You received this message because you are subscribed to the Google Groups > "Ruby or Rails Oceania" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]<rails-oceania%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/rails-oceania?hl=en. > > > >--
You received this message because you are subscribed to the Google Groups "Ruby or Rails Oceania" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to [email protected].
For more options, visit this group at http://groups.google.com/group/rails-oceania?hl=en.
