[nycphp-talk] Webserver file access (and version control)
tim_lists at o2group.com
Mon Aug 20 17:02:05 EDT 2007
Cliff Hirsch wrote:
>> Hey, nice catch Cliff.
>> <DirectoryMatch "^/.*/\.svn">
>> Order allow,deny
>> Deny from all
>> Convenience over security can come back to bite you, I guess.
>> To reiterate the point, if you use subversion to manage web
>> directories, you need to make sure that the .svn metadata will not be
>> served by apache.
> Convenience sure makes me want to use this approach. And you could even
> update the production "working copy" to a specific branch or tag, not just
> the main trunk. But...it's still an update and conflicts would be a bear to
> deal with in a production environment. Although there shouldn't be any
> conflicts if the prod. Working copy isn't touched.
It goes the other way. Making a release should always be a fresh check
out of a (brand new) branch that got tagged on the testing server.
If any serious but easy to fix bugs appear on the production system, you
just fix them, commit the changes back to the branch, and then merge
those changes back to the trunk on your development system.
More information about the talk