[nycphp-talk] Webserver file access (and version control)

csnyder chsnyder at
Mon Aug 20 15:45:59 EDT 2007

On 8/18/07, Cliff Hirsch <cliff at> wrote:
> Are there any issues related to having the version control hidden files and
> folders on a production site? Does the Subversion .svn folder need to be
> protected on a production site? Is the best practice to do ongoing updates
> on a production site using version control or to export  specific tagged
> versions to a production site (which would remove al the version control
> specific hidden files)?

Hey, nice catch Cliff.

<DirectoryMatch "^/.*/\.svn">
    Order allow,deny
    Deny from all

Convenience over security can come back to bite you, I guess.

To reiterate the point, if you use subversion to manage web
directories, you need to make sure that the .svn metadata will not be
served by apache.

Chris Snyder

More information about the talk mailing list