Don't forget, PHP apps aren't structured the same way as Rails apps, so it is possible for the root of the app to be the same as the git root.
>From memory, the git method for using git has a directory in releases that it pulls to, it then copies it to the releases/timestamp directory, removes the .git folder and then symlinks the current to that new timestamped releases directory. Depedning on how you PHP app is structured, you should be able to do the same thing. The other option is to block .git folders in your apache config or a .htaccess file... ---------------------------------------------- Myles Eftos Mobile: +61-409-293-183 MadPilot Productions - Created to be Different URL: http://www.madpilot.com.au Phone: +618-6424-8234 Fax: +618-9467-6289 Try our time tracking system: 88 Miles! http://www.88miles.net -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Cameron Barrie Sent: Wednesday, 20 January 2010 13:58 To: [email protected] Subject: Re: [rails-oceania] Capistrano deployment question Short answer would be yes it would. If a user hits http://<yourdoamin>/.git/config it will reveal all your remotes etc. Probably not what you want The question for me is why do you have a .git folder in your public directory in the first place? There should only be 1 in the root of the project from my understanding. Cam On 20/01/2010, at 4:47 PM, Terj wrote: > Hello, > > I have a quick question regarding deployment with Capistrano. We have > a PHP app here which I have capified and deployed from github. I > notice that it is placing the .git folders in my www folder as well > when it is checking out the code from the github repository. Are there > any security risks around having my .git folder in my web accessible > folders? I remember this being an issue that someone faced a while > back where someone got access to their source code by accessing their > .svn files which were in their web root. > > Any help and guidance would be much appreciated. > > Cheers, > TJ > -- > You received this message because you are subscribed to the Google Groups "Ruby or Rails Oceania" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to [email protected]. > For more options, visit this group at http://groups.google.com/group/rails-oceania?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Ruby or Rails Oceania" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rails-oceania?hl=en.
