 

Security concerns when using git as a deployment utility

Git is a very powerful tool, but not that easy to use.

For example, I am glad to use git as a tool to update my remote site from my git repository. The problem is that there is a .git directory at the root of my website, and external users can simply visit it using site/.git. That is terrible, since they can easily get my code history and, basically, the current code; they can even get passwords and private information from the configuration files.

So what is the right way to use git which can make full use of git, but without introducing these threats?

Using git clone git://repo site_root to initialize the web site, and git pull to get changes, is of great convenience, but also brings huge security problems.

Are there any methods that are as convenient as the steps shown above, but without the security pitfalls?

thinke365 asked May 19 '26 20:05


1 Answer

Apache, at least, defaults its configuration to forbidding web access to any file starting with a ., and this could be done in any other webserver as well.

Additionally, it's best to keep sensitive files outside the web root, i.e.:

.git/
config.file
public/
public/index.html

and have the document root for the site be the public/ directory.

ceejayoz answered May 21 '26 15:05
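The effect of moving the document root can be checked mechanically. The following Python script is an added example, not part of the original answer: it builds a constructed copy of the layout shown above and lists what sits under the document root when that root is the checkout itself versus the public/ directory. The names reachable_secrets, build_sample_checkout, compare_layouts and SENSITIVE_NAMES are assumptions made for illustration.

```python
import os
import tempfile

# Assumption: file names treated as sensitive; "config.file" is the
# placeholder name used in the answer's layout.
SENSITIVE_NAMES = {"config.file"}

def reachable_secrets(doc_root, sensitive=SENSITIVE_NAMES):
    """List URL paths under doc_root that should never be web-reachable:
    any dot-prefixed entry (.git, .env, ...) and any sensitive file name."""
    doc_root = os.path.abspath(doc_root)
    hits = []
    for current, dirs, files in os.walk(doc_root):
        rel = os.path.relpath(current, doc_root)
        prefix = "" if rel == "." else "/" + rel.replace(os.sep, "/")
        for name in dirs + files:
            if name.startswith(".") or name in sensitive:
                hits.append(prefix + "/" + name)
        # Report a hidden directory once instead of listing its contents.
        dirs[:] = [d for d in dirs if not d.startswith(".")]
    return sorted(hits)

def build_sample_checkout(base):
    """Create the answer's layout under base (constructed sample files)."""
    for rel in (".git/HEAD", "config.file", "public/index.html"):
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
    return base

def compare_layouts():
    """Audit the same checkout with two different document roots."""
    with tempfile.TemporaryDirectory() as tmp:
        checkout = build_sample_checkout(tmp)
        return {
            "docroot=checkout": reachable_secrets(checkout),
            "docroot=public": reachable_secrets(os.path.join(checkout, "public")),
        }

if __name__ == "__main__":
    for layout, hits in compare_layouts().items():
        print(layout, "->", hits or "nothing sensitive under the document root")
```

Run against a real deployment by calling reachable_secrets() with the directory the web server is configured to serve; an empty list means no dotfiles or named sensitive files live under it.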


