Comments on: Serving websites from svn checkout considered harmful http://scottbarnham.com/blog/2008/04/22/serving-websites-from-svn-checkout-considered-harmful/ Code and comments on web development, Django, Python and things (un)related. Tue, 13 Jul 2010 16:31:27 +0000 http://wordpress.org/?v=2.9.1 hourly 1 By: Alex http://scottbarnham.com/blog/2008/04/22/serving-websites-from-svn-checkout-considered-harmful/comment-page-1/#comment-765 Alex Mon, 18 Jan 2010 00:07:12 +0000 http://scottbarnham.com/blog/2008/04/22/serving-websites-from-svn-checkout-considered-harmful/#comment-765 stupid russian idiots published this news 1 year after you...)) http://habrahabr.ru/blogs/infosecurity/70330/ stupid russian idiots published this news 1 year after you…))

http://habrahabr.ru/blogs/infosecurity/70330/

]]> By: rtw http://scottbarnham.com/blog/2008/04/22/serving-websites-from-svn-checkout-considered-harmful/comment-page-1/#comment-644 rtw Thu, 12 Mar 2009 19:27:42 +0000 http://scottbarnham.com/blog/2008/04/22/serving-websites-from-svn-checkout-considered-harmful/#comment-644 i've been messing around with my lighttpd regex patterns trying to solve this issue - <code> $HTTP["url"] =~ ".*\.svn.*" { url.access-deny = ("") } </code> still allows me to access/download the /.svn/entries and /.svn/format files, but protects the directory. Anyone else have similar results? p.s. - i'm actually planning on using: <code> url.redirect-code = 404 </code> instead of <code> #url.access-deny = ("") </code> I believe this is a better strategy - that way you're denying that the files are even there. The equivalent in Apache is: <code> RedirectMatch 404 /\\.svn(/|$) </code> (the apache directive protects the entries and format files) Any help is appreciated!! i’ve been messing around with my lighttpd regex patterns trying to solve this issue –


$HTTP["url"] =~ ".*\.svn.*" {
url.access-deny = ("")
}

still allows me to access/download the /.svn/entries and /.svn/format files, but protects the directory. Anyone else have similar results?

p.s. – i’m actually planning on using:


url.redirect-code = 404

instead of

#url.access-deny = ("")

I believe this is a better strategy – that way you’re denying that the files are even there. The equivalent in Apache is:


RedirectMatch 404 /\\.svn(/|$)

(the apache directive protects the entries and format files)

Any help is appreciated!!

]]> By: Jason http://scottbarnham.com/blog/2008/04/22/serving-websites-from-svn-checkout-considered-harmful/comment-page-1/#comment-602 Jason Fri, 19 Dec 2008 01:27:28 +0000 http://scottbarnham.com/blog/2008/04/22/serving-websites-from-svn-checkout-considered-harmful/#comment-602 I use darcs rather than svn for my webpage, and noticed the darcs equivalent to this a few months ago. It's a problem with most VC systems. I use darcs rather than svn for my webpage, and noticed the darcs equivalent to this a few months ago. It’s a problem with most VC systems.

]]> By: Jonathan http://scottbarnham.com/blog/2008/04/22/serving-websites-from-svn-checkout-considered-harmful/comment-page-1/#comment-573 Jonathan Sun, 26 Oct 2008 14:09:28 +0000 http://scottbarnham.com/blog/2008/04/22/serving-websites-from-svn-checkout-considered-harmful/#comment-573 Wow! Thanks for opening my eyes on this. I'm so surprised that this isn't a well-known issue for web developers using subversion. I just sent your article out to a bunch of colleagues. Thanks again, Jonathan Wow! Thanks for opening my eyes on this.

I’m so surprised that this isn’t a well-known issue for web developers using subversion.

I just sent your article out to a bunch of colleagues.
Thanks again,
Jonathan

]]>