Comments on: Serving websites from svn checkout considered harmful
http://scottbarnham.com/blog/2008/04/22/serving-websites-from-svn-checkout-considered-harmful/
Code and comments on web development, Django, Python and things (un)related.
Wed, 03 Apr 2013 13:15:20 +0000

By: How to Secure an SVN Live Site on WHM/Cpanel (to be revised) | Indonesian Developer
http://scottbarnham.com/blog/2008/04/22/serving-websites-from-svn-checkout-considered-harmful/comment-page-1/#comment-1127
Sat, 15 Sep 2012 08:37:40 +0000

[…] Reason :: http://scottbarnham.com/blog/2008/04/22/serving-websites-from-svn-checkout-considered-harmful/ […]

By: Dmitry
http://scottbarnham.com/blog/2008/04/22/serving-websites-from-svn-checkout-considered-harmful/comment-page-1/#comment-1000
Tue, 15 Feb 2011 20:28:13 +0000

Yeah, habrhabr.ru loves to copy content from other websites; a disgrace. But then again, almost all of runet is a rip-off, which is sad.

Anyway, thanks for the article! But I wonder, why do the developers never care to test that themselves? That is troubling.

I was always using export for deployment but it’s kind of a headache because you end up deleting and overwriting files and restarting the services. So, I found your article and I find serving 404 a reasonable alternative.

By: SVN vulnerability of the year. The largest web projects on the Internet are affected
http://scottbarnham.com/blog/2008/04/22/serving-websites-from-svn-checkout-considered-harmful/comment-page-1/#comment-846
Fri, 01 Oct 2010 06:59:19 +0000

[…] you can read more on the topic here: http://habrahabr.ru/blogs/infosecurity/70330/ http://scottbarnham.com/blog/2008/04/22/serving-websites-from-svn-checko… This entry was posted in the News category. Add to […]

By: Alex
http://scottbarnham.com/blog/2008/04/22/serving-websites-from-svn-checkout-considered-harmful/comment-page-1/#comment-765
Mon, 18 Jan 2010 00:07:12 +0000

stupid russian idiots published this news 1 year after you…))

http://habrahabr.ru/blogs/infosecurity/70330/

By: rtw
http://scottbarnham.com/blog/2008/04/22/serving-websites-from-svn-checkout-considered-harmful/comment-page-1/#comment-644
Thu, 12 Mar 2009 19:27:42 +0000

i’ve been messing around with my lighttpd regex patterns trying to solve this issue –

$HTTP["url"] =~ ".*\.svn.*" {
    url.access-deny = ("")
}

still allows me to access/download the /.svn/entries and /.svn/format files, but protects the directory. Anyone else have similar results?

p.s. – i’m actually planning on using:


url.redirect-code = 404

instead of

#url.access-deny = ("")

I believe this is a better strategy – that way you’re denying that the files are even there. The equivalent in Apache is:


RedirectMatch 404 /\\.svn(/|$)

(the apache directive protects the entries and format files)

Any help is appreciated!!

By: Jason
http://scottbarnham.com/blog/2008/04/22/serving-websites-from-svn-checkout-considered-harmful/comment-page-1/#comment-602
Fri, 19 Dec 2008 01:27:28 +0000

I use darcs rather than svn for my webpage, and noticed the darcs equivalent to this a few months ago. It’s a problem with most VC systems.

By: Jonathan
http://scottbarnham.com/blog/2008/04/22/serving-websites-from-svn-checkout-considered-harmful/comment-page-1/#comment-573
Sun, 26 Oct 2008 14:09:28 +0000

Wow! Thanks for opening my eyes on this.

I’m so surprised that this isn’t a well-known issue for web developers using subversion.

I just sent your article out to a bunch of colleagues.
Thanks again,
Jonathan
