Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Are there any disadvantages to using a working copy for your live website with SVN 1.7?

Tags:

svn

I'm planning to publish our live site today and I've read that the best option is to use svn export to avoid populating the working copy with .svn files, however this is no longer an issue with SVN 1.7 as the metadata is stored in a single file. Seems to me that using a working copy is much better than exporting as updating the live site would be as simple as running 'svn update'. Is there any reason not to checkout a working copy and use export?

like image 202
Michelle Avatar asked Jan 09 '12 11:01

Michelle

People also ask

Which is a disadvantage with the use of an SVN?

What are SVN's disadvantages? SVN's approach does come with some drawbacks that users should be aware of. Due to its centralized design, most operations dealing with state or history will require a direct connection to the central server.

What is a working copy in SVN?

Working copies A Subversion working copy is your own private working area, which looks like any other ordinary directory on your system. It contains a COPY of those files which you will have been editing on the website. You can edit these files however you wish, in the usual way.

Is SVN free for commercial use?

VisualSVN Server is freely available for commercial use under the Community license.

2 Answers

The problem with using svn update is that it's too easy to update your live site. You might update to a version that doesn't work or is untested.

I'd recommend instead a hybrid approach - before releasing a new version, tag it, then svn switch the live site to that tag.

Obviously you still need to ensure you aren't serving up the root .svn directory.

like image 180
xorsyst Avatar answered Sep 22 '22 11:09

xorsyst

Situation you're describing is a serious security threat.

As you might already know, Subversion stores its metafiles directly in working copy using .svn folders. Each such folder has file entries with the list of all directories having the same level as the corresponding .svn folder. In .svn folders you can also find information about repository location, filesizes, modification dates and user logins. In the case you're deploying your site simply by checking out working copy to the htdocs directory on the web-server, then using URL site.com/.svn/entries you will see not only project filestructure, but also list of authors, latest changes, link to the repository, etc.

You can also find text-base directory in each .svn folder. It contains latest revision of all files placed under version control. Files in text-base directory have .svn-base extension, it allows to send its content directly to the browser output without interpreting it on the server side. Namely, it allows to see raw source code!

Nevertheless, there are simple solutions to this problem.

Apache:

<Directory ~ ".*\.svn">
    Order allow,deny
    Deny from all
    Satisfy All
</Directory>

Nginx:

location ~ /.svn/ {
    deny all;
}

To sum up, main disadvantage of such approach is that you should know about the threat and do not forget to prevent possibility of accessing .svn directories from web.

like image 39
altern Avatar answered Sep 18 '22 11:09

altern
Sign in to Comment

Related questions

How to move/rename a file in Subversion with @ characters in it
How do you get a Subversion diff summary to ignore mergeinfo properties? [duplicate]
deployment strategies, PHP + SVN
svn:externals : Having more than one external repository in a local directory
Commit a partial file (Patch) to SVN [duplicate]
How to automatically create a tag label in svn whenenver a build is pinned
Listing change history via webdav
Exclude directory during jenkins checkout
permanently delete a folder
subversion: merge without a working copy
Is it possible to replace TortoiseSVN's merge algorithm with a "better" one?
What SVN connector do I need to use for Eclipse Juno Subversive on Mac?
Resolve all conflicts and rerun the merge to apply the remaining In autoated Merge Script
How do I convert an svn repo to git using reposurgeon?
SVNException: svn: E175002: REPORT of '/svn/Repository2/!svn/vcc/default' 400 Bad Request
Exclude deleted svn branches/tags on migration to git (git-svn)
Add Database Diagram to Source Control?
How to download an svn archive from a trac tree?
git svn rebase is failing with a conflict to a file that does not exist in git
How can I resolve all SVN conflicts automatically? (Windows CLI)

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!