Menu
I'm getting more and more into Git and have to straighten this one out,
I read somewhere that it's bad security practice to put a .git repo inside folders that can be accessed trough the web (sounds reasonable!).
My question is, besides if its correct, what's the best solution to this is? The problem occuring mainly of course if you work on a remote host while web-developing.
For example if i work on domain.com/project where "project" is the repository, what can i do?
Is it possible to move the .git-folder somewhere outside htdocs and link to it? Or can i add some layer of protection to it?
I'm primarily developing on a shared host so i'm limited in what i can install and set up.
I'v read than you can have the whole repository/folder somewhere hidden on the server and then set a script to copy the content when pushing to it.
But when developing on a "live" server, i want to be able to test my code in real time between commits.
Am i clear?
Help appreciated!
310
In the past, I've done this:
project/
.git/
README,etc
public/
index.html
Then you make the public/ subdirectory world visible, but hide the parent project/ directory. You can either do that with a symlink or with the right .htaccess incantations.
97
Yes, you can move the .git directory and use GIT_DIR environment variable to point to it.
GIT_DIR
If the GIT_DIR environment variable is set then it specifies a path to use instead of the
default .git for the base of the repository.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
