Short answer would be yes it would. If a user hits http://<yourdoamin>/.git/config it will reveal all your remotes etc. Probably not what you want The question for me is why do you have a .git folder in your public directory in the first place? There should only be 1 in the root of the project from my understanding.
Cam On 20/01/2010, at 4:47 PM, Terj wrote: > Hello, > > I have a quick question regarding deployment with Capistrano. We have > a PHP app here which I have capified and deployed from github. I > notice that it is placing the .git folders in my www folder as well > when it is checking out the code from the github repository. Are there > any security risks around having my .git folder in my web accessible > folders? I remember this being an issue that someone faced a while > back where someone got access to their source code by accessing > their .svn files which were in their web root. > > Any help and guidance would be much appreciated. > > Cheers, > TJ > -- > You received this message because you are subscribed to the Google Groups > "Ruby or Rails Oceania" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/rails-oceania?hl=en. > >
-- You received this message because you are subscribed to the Google Groups "Ruby or Rails Oceania" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rails-oceania?hl=en.
