Cliff Hirsch wrote:
Hey, nice catch Cliff.
<DirectoryMatch "^/.*/\.svn">
Order allow,deny
Deny from all
</DirectoryMatch>
Convenience over security can come back to bite you, I guess.
To reiterate the point, if you use subversion to manage web
directories, you need to make sure that the .svn metadata will not be
served by apache.
Convenience sure makes me want to use this approach. And you could even
update the production "working copy" to a specific branch or tag, not just
the main trunk. But...it's still an update and conflicts would be a bear to
deal with in a production environment. Although there shouldn't be any
conflicts if the prod. Working copy isn't touched.
It goes the other way. Making a release should always be a fresh check
out of a (brand new) branch that got tagged on the testing server.
If any serious but easy to fix bugs appear on the production system, you
just fix them, commit the changes back to the branch, and then merge
those changes back to the trunk on your development system.
-Tim
_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com
Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php
